However, CVE-2022-32894 is listed as a Big Sur bug only, with the more recent operating system versions macOS 12 (Monterey), iOS 15, iPadOS 15 and iOS 16 apparently unaffected.

Intriguingly, macOS 11 (Big Sur) gets its own update to macOS 11.7, which patches a second zero-day hole dubbed CVE-2022-32894, described in exactly the same words as the iOS zero-day bulletin quoted above.

If, indeed, this “issue” (or security hole as you might prefer to call it) has been actively exploited in the wild, it’s reasonable to infer that there are apps out there that unsuspecting users have already installed, from what they thought was a trusted source, even though those apps contained code to activate and abuse this vulnerability.

…and potentially take over the entire device, including grabbing the right to perform system operations such as using the camera or cameras, activating the microphone, acquiring location data, taking screenshots, snooping on network traffic before it gets encrypted (or after it’s been decrypted), accessing files belonging to other apps, and much more.

Apple is aware of a report that this issue may have been actively exploited.

Description: The issue was addressed with improved bounds checks.

As we pointed out when Apple’s last emergency zero-day patches came out, a kernel code execution bug means that even innocent-looking apps (perhaps including apps that made it into the App Store because they raised no obvious red flags when examined) could burst free from Apple’s app-by-app security lockdown…

Impact: An application may be able to execute arbitrary code with kernel privileges.
The bug, the discovery of which is credited simply to “an anonymous researcher”, is described as follows:

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Just to be clear, if you don’t want to upgrade to iOS 16 just yet, you still need to update, because the iOS 15.7 and iPadOS 15.7 updates include numerous security patches, including a fix for a bug dubbed CVE-2022-32917.

Be sure to update even if you don’t upgrade

Last September, Apple issued an urgent update to address a security flaw that could be exploited to infect iOS devices with the spyware.

Everyone with iPhones and iPads on iOS 12 should update their devices immediately.

These types of vulnerabilities have been exploited by malicious actors in the past, notably with the use of Pegasus spyware. This could have given hackers the ability to execute any commands and effectively take control of a device. Older devices running on iOS 12 were not impacted by a second recently discovered vulnerability that affected the kernels of operating systems – a core component of any OS with the highest privileges.

It credited an anonymous researcher with the discovery of the security flaw. The patches were backported from an update two weeks ago that addressed issues on iPhone 6S and later models, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad Mini 4 and later and iPod touch (7th generation).

Discovered in WebKit, the browser engine used by Safari and other apps that can access the web, the iOS 12 vulnerability may allow hackers to run arbitrary code on devices that access malicious websites.

Apple said that it is aware of a report that this issue “may have been actively exploited”.
The software giant posted a security advisory yesterday (31 August) saying “an out-of-bounds write issue was addressed with improved bounds checking”. Users of the iPhone 5S, iPhone 6, iPhone 5 Plus, iPad Air, iPad Mini 2, iPad Mini 3 and iPod Touch (6th generation) are now advised to update to iOS 12.5.6 to protect their devices. Discovered by an anonymous researcher, Apple said it is aware of a report that the flaw ‘may have been actively exploited’.

Apple has released a security update for older iPhones and iPads running on iOS 12 to patch a vulnerability that could let a malicious website run unchecked code on the device.