![]() Since Friday (April 7), Apple has released security updates for newer macOS ( 13.3.1), iOS and iPad OS ( 16.4.1) versions, and then quickly backported the patches to fix the flaws in older (macOS 12.6.5 and 11.7.6, and iOS/iPad 15.7.5) versions. “But when attackers can combine a remote browser-busting bug with a local kernel-busting hole, they can sidestep the App Store problem entirely.” Security updates for Macs, iPhones and iPads are available “Ironically, kernel-level bugs that rely on a booby-trapped app are often not much use on their own against iPhone or iPad users, because Apple’s strict App Store ‘walled garden’ rules make it hard for attackers to trick you installing a rogue app in the first place,” says Paul Ducklin, Sophos Head of Technology for the Asia Pacific region. The latter allows attackers to escape Safari’s sandbox (i.e., escalate privileges) and achieve full system access. ![]() The former can be used to perform a drive-by, zero-click attack resulting in the silent installation of malware on the target device. The flaw can be triggered via maliciously crafted web content and may lead to arbitrary code execution.ĬVE-2023-28206 is an out-of-bounds write issue in IOSurfaceAccelerator that can be exploited by a malicious app to execute arbitrary code with kernel privileges. About the vulnerabilitiesĬVE-2023-28205 is a use after free issue in the WebKit browser engine, which is used by Safari and all web browsers on iOS and iPadOS. Reported by researchers Clément Lecigne of Google’s Threat Analysis Group (TAG) and Donncha Ó Cearbhaill, the head of Amnesty International’s Security Lab, the vulnerabilities have been exploited in tandem to achieve full device compromise – with the likely (though not confirmed) goal to install spyware on target devices. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities (CVE-2023-28205, CVE-2023-28206) in macOS, iOS and iPadOS. Rachel Tobac, CEO of SocialProof Security, said those who should prioritise updating their software are people “in the public eye” such as activists or journalists who might be the targets of sophisticated spyware.ġ0 things you need to know direct to your inbox every weekday. ![]() The latest security update has been issued for iPhone 6S and later models, the iPad Air 2 and later, iPad fifth generation and later, some iPod Touch models, all iPad Pro models and Macs running MacOS Monterey. Last September, Apple issued an urgent update to address a security flaw that could be exploited to infect iOS devices with the spyware. These types of vulnerabilities have been exploited by malicious actors in the past, notably with the use of Pegasus spyware. This flaw may allow hackers to run arbitrary code execution on devices that access malicious websites.Ī hacker can use arbitrary code execution to try achieve administrator control of a device. The second vulnerability was discovered in WebKit, the browser engine used by Safari and other apps that can access the web. ![]() This is a core component of an operating system and has the highest privileges.Īn application may be able to exploit this vulnerability to execute code with kernel privileges, giving hackers the ability to execute any commands and effectively take control of the device. The first is an out-of-bounds write vulnerability in the operating system’s kernel. In a security report, Apple attributed the discovery of these security flaws to an anonymous researcher. The vulnerabilities affect certain versions of iOS, iPadOS and MacOS Monterey. The tech giant has issued software patches to address the vulnerabilities and is urging users to update their devices.Īpple said it is aware of a report that these security issues “may have been actively exploited”, but it did not disclose how many users might have been affected. The tech giant has issued software updates to fix two vulnerabilities that may have been exploited to give hackers full control of devices.Īpple has disclosed two security flaws that could potentially allow attackers to gain full control of iPhone, iPad and Mac devices. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |