![]() ![]() Since both flaws are likely being actively exploited right now, it's probably wise for owners of all the aforementioned devices to install the patches by downloading the latest software update. They both affect the same set of iPhones and iPads, as well, particularly: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch (7th generation). Like the first vulnerability, Apple credits an anonymous researcher for the discovery of this flaw - it also knows that it may have already been exploited and used to compromise iOS and Mac devices.īoth flaws are present in macOS Monterey 12.5.1, and Apple has rolled out a patch for the operating system. According to the company, it allows attackers to arbitrarily execute code and could hence be used to, among other things, download more malware. In addition, Apple has also rolled out a fix for a vulnerability affecting WebKit, the engine used by Safari, Mail and many other iOS and macOS apps. The company says it's aware that the vulnerability may have already been exploited. It says the flaw could be exploited "to execute arbitrary code with kernel privileges," which means attackers could act as the user and gain admin control of the target device. ![]() The tech giant's security advisory is pretty light on details, but it has identified CVE-2022-3289 as a vulnerability discovered by an anonymous researcher. ![]() The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.Apple has released a fix for a zero-day vulnerability that bad actors could exploit to take full control of an iPhone, an iPad or a computer running macOS Monterey. Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists. NSO Group has been blacklisted by the U.S. In all cases, it cited an anonymous researcher.Ĭommercial spyware companies such as Israel's NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets' smartphones, siphons their contents and surveils the targets in real time. iOS 2.0+ iPadOS 2.0+ macOS 10.0+ Mac Catalyst 13.0+ tvOS 9.0+ watchOS 2.0+ Overview Use the Security framework to protect information, establish trust, and control access to software. The flaw also affects some iPod models.Īpple did not say in the reports how, where or by whom the vulnerabilities were discovered. Security Secure the data your app manages, and control access to your app. Security experts have advised users to update affected devices - the iPhone6S and later models several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2 and Mac computers running MacOS Monterey. That would allow intruders to impersonate the device's owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security. The company said it is “aware of a report that this issue may have been actively exploited.”Īpple released two security reports about the issue on Wednesday, although they didn't receive wide attention outside of tech publications.Īpple's explanation of the vulnerability means a hacker could get "full admin access" to the device. ![]() Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |