Apple still sees its fair share of exploitable bugs, even in its silicon. We might hear about more Android vulnerabilities, but that's because Android is an open-source platform. These flaws are the sixth and seventh zero-days patched by Apple so far this year. That means simply visiting a malicious website on an unpatched device could be enough to get you in trouble.Īpple says these flaws are being actively exploited and were reported by anonymous security researchers. This bug could also allow arbitrary code execution, and while the WebKit engine doesn't have the pervasive system access of the kernel, it is a web component. So, even third-party browsers like Chrome and Firefox offer no reprieve. Coincidentally, that's the only engine Apple allows on the iPhone. This too is an out-of-bounds write vulnerability, but it's a flaw in the WebKit browser engine at the heart of Apple's Safari browser. The second vulnerability is CVE-2022-32893. A vulnerability here allows malware to execute code with the same high privilege level to completely take over the device. It's an out-of-bounds write vulnerability in the operating system kernel, a low-level framework that has access to all parts of the system. The first flaw is tracked as CVE-2022-32894. You can see the update notice for iPhone below. Even Apple's recently discontinued 7th gen iPod Touch gets in on the fun. However, all iPhone models from the 6s onward are affected, as are all models of the iPad Pro, as well as the iPad Air 2, the 5th Gen iPad, the iPad Mini 4, and all later models in these lines. If you're on an older version of macOS, you are not vulnerable to this particular issue. The updates address the same pair of vulnerabilities on both mobile and desktop platforms. The update addresses a pair of zero-day vulnerabilities in Apple's software, meaning they are already being used in the wild to exploit devices.Īpple macOS Monterey has been updated to v12.5.1, and iOS is now on v15.6.1. Apple has announced an emergency patch for iPhones, iPads, and macOS computers, an increasingly common event. The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.Ī woman walks past an Apple store in Beijing, China July 28, 2016.Anyone with an iPhone in their pocket or a Mac on their desk should be hitting that update button today. Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists. NSO Group has been blacklisted by the U.S. READ MORE: Apple threatened to pull Facebook and Instagram from its app store over human trafficking In all cases, it cited an anonymous researcher.Ĭommercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time. The flaw also affects some iPod models.Īpple did not say in the reports how, where or by whom the vulnerabilities were discovered. Security experts have advised users to update affected devices - the iPhone6S and later models several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2 and Mac computers running MacOS Monterey. READ MORE: Apple workers vote to unionize at Maryland store That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security. SAN FRANCISCO (AP) - Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices.Īpple released two security reports about the issue on Wednesday, although they didn’t receive wide attention outside of tech publications.Īpple’s explanation of the vulnerability means a hacker could get “full admin access” to the device.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |