![]() Make sure you update your iPhone, iPad, and Mac each time a new version of the operating system becomes available. These included security fixes for a bug that was being exploited on people’s devices. Since Apple addressed these vulnerabilities, it has also released newer versions of macOS and iOS. Apple has also issued CVEs for the vulnerabilities that were discovered: CVE-2023-23530 and CVE-2023-23531. (The existence of a vulnerability doesn’t mean that it has been exploited.)Īpple patched the NSPredicate vulnerabilities Trellix found in its macOS 13.2 and iOS 16.3 software updates, which were released in January. They would need to have found a way in before being able to abuse the NSPredicate system. “Especially with that backdrop of ForcedEntry because somebody at that sophistication level already was leveraging a bug in this class.”Ĭrucially, any attacker trying to exploit these bugs would require an initial foothold into someone’s device. The iOS 16 update is also notable for incorporating a new Lockdown Mode that's designed to make zero-click attacks harder.The new class of bugs “brings a lens to an area that people haven’t been researching before because they didn’t know it existed,” McKee says. It said a flaw in its latest update allows hackers to take control of a device. ![]() Nemanja Potkonjak/Getty Images Apple has released emergency security updates for its iPhones, iPads, and Macs. CVE-2022-32894 (Kernel) – An application may be able to execute arbitrary code with kernel privilegesīesides CVE-2022-32917, Apple has plugged 10 security holes in iOS 16, spanning Contacts, Kernel Maps, MediaLibrary, Safari, and WebKit. Apple said its latest update has a security flaw that can give hackers unrestricted privileges on a device. Apple has issued an urgent security update for iPhone users to help address two critical vulnerabilities that it believes may already be affecting devices.CVE-2022-32893 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution.CVE-2022-22675 (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges.CVE-2022-22674 (Intel Graphics Driver) – An application may be able to read kernel memory.CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution.CVE-2022-22594 (WebKit Storage) – A website may be able to track sensitive user information (publicly known but not actively exploited).CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges Apple recently issued an urgent security alert, telling those that own an iPhone, iPad and Mac, warning them to update their devices.With the latest fixes, Apple has addressed seven actively exploited zero-day flaws and one publicly-known zero-day vulnerability since the start of the year. ![]() The iOS and iPadOS updates cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). How to update to the latest software version Apple users can update their iPhones and iPads by going to Settings > General > Software Update and their Macs by going to System Preferences >. Patches are available in versions iOS 15.7, iPadOS 15.7, iOS 16, macOS Big Sur 11.7, and macOS Monterey 12.6. To make matters worse, Apple is aware of a recent report which indicates that this zero-day vulnerability may have been actively exploited in the wild.
0 Comments
Leave a Reply. |