All of the latest Apple devices are affected by this issue, which also allows a hacker to take full control of the device.
If you have a new Apple device, be it an iPhone, iPad, or Mac, it is highly recommended that you install the security update already released by the company as soon as possible. The Cupertino house said that a very large number of its devices have a very serious security problem, to the point that an attacker can gain complete control over the same devices.
Specifically, they are affected, according to a security notice posted on Apple’s website:
– iPhone 6s and newer;
– All iPad Pro and iPad 5th generation and later
– Mac computers with macOS Monterey.
What to do: Install the update
According to Apple, if you haven’t updated, there’s a chance that the app may have “used arbitrary code” with unauthorized access to the device, which means that the hacker could perform actions without authorization. “This feature may have already been exploited by hackers,” Apple says without giving further details.
To fix the issue reported by unnamed researchers, Apple encourages users to install updates that contain a solution to the “hole” in question:
– iOS 15.6.1 for iPhone;
– iPadOS 15.6.1 for iPad;
– macOS Monterey 12.5.1 for Mac computers.
More specifically, one of the weaknesses concerns nucleus, the deepest layer of the operating system common to all devices, Apple said. Instead, other worries webkitthe “engine” or underlying technology of the Apple browser, Safari.
The two discovered vulnerabilities are coded as CVE-2022-32893 As well as CVE-2022-32894 and for security reasons, the exact operation has not yet been made public (even if you can find material on the dark web), but the first of two bugs (32893) allows malware to run on a device with simple web page navigation specially crafted by the attacker. There 32984instead, it allows you to take full control of the operating system. However, these are not errors that will lead to massive and indiscriminate exploitation of the vulnerability, but make especially vulnerable those activists, politicians, journalists or public figures who, by virtue of their role, are especially susceptible to targeted attacks by structured groups of hackers. … or “enemy” state structures. With the next iOS update (iOS 16), Apple will make available a “Lock Mode” that will allow you to “Lock” your iPhone by removing a number of features.
What are zero-day vulnerabilities
“Today’s Apple case,” Riccardo Meggiato, an expert in cybersecurity and computer forensics, explains to us:it’s like discovering that the security door of the house has a defect in the lock, which allows you to use a key from another model to enter the building. If no one knows about the defect, the person continues to enter and leave the house without any worries. When the defect is discovered, first of all, by a thief, he will be able to get in so that neither we nor the door manufacturer suspect anything. This type of defect, known only to some participants, is known in the IT field as “zero day vulnerability“For this reason, the two vulnerabilities discovered by Apple are serious,” continues Meggiato: “Apple discovered them just a few days ago, but in the meantime, some cybercriminals may have already used them to access the PC, smartphone and tablet of the manufacturer without authorization. . from Cupertino. To do this, you need an “exploit”, that is, a piece of software that turns a vulnerability into a criminal opportunity. There is a very rich market for this type of “exploit” and this is the reason why those who discover a vulnerability and perhaps implement an “exploit” to exploit it, if they do not have strong ethics, are tempted to sell the package to a gang of cybercriminals. At this point, the exploit is used to launch attacks, scam, or upgrade Trojans that some governments choose to install on the devices of dissidents and activists in order to spy on them without their knowledge.”
“Zero days” will affect everyone, because modern software consists of millions of lines and it is not always easy to identify each defect. It is for this reason that it is important to update our devices as soon as the manufacturer releases an update.
© PLAYBACK PROTECTED
If you liked reading iPhone, iPad and Mac to Update Now: Apple Releases Security Update for Serious Vulnerability
Please share with your friends and family.