![]() ![]() Apple is aware of a report that this issue may have been actively exploited.” The first is an application that may be able to “execute arbitrary code with kernel privileges. There are two items on the menu, called Kernel and WebKit respectively. Indeed, in the last few minutes, Apple has refreshed its page of security updates details, indicating what iOS 15.6.1 is all about. Which tells you that this update must be all about fixes and security changes, not new features. This is a surprise update, with most analysts believing that last month’s iOS 15.6 would be the last before the move to iOS 16 in September. Within a few minutes, it’ll be good to go-this is not a huge update. Once you’ve clicked on Download and Install, it’ll do everything for you. Updating is easy-peasy: open the Settings app on the device and then choose General, then Software Update. This won’t apply with iOS 16, by the way, which is for iPhones from iPhone 8 onwards.įor iPads, you’re good to go with iPadOS 15.6.1 if you have any iPad Pro, any iPad Air from iPad Air 2, iPad mini 4 or newer and iPad from the fifth generation onwards. In other words, every iPhone from the iPhone 6s onwards and includes all three generations of iPhone SE. That’s quite the achievement, stretching back across every device released in the last six years. ![]() Impressively, Apple has ensured that every iOS 14-capable iPhone runs iOS 15, too. If you have a device that runs iOS 14, you’re sorted. Check out Gordon Kelly’s new post to find out if you should do so. The bugs were reported by anonymous researchers.Īlarming though these details are, updating should fix the bugs. The fact that Apple also disclosed active exploitation in the wild is also worth noting and the bug fixes below are the sixth and seventh zero day exploits Apple has addressed this year, though the first five were all in January to March. ![]() Those in the public eye such as activists, politicians and journalists should act quicker due to previously becoming targets of nation state spying.” In addition to addressing security vulnerabilities, the iOS 15.4.1 update also addresses a battery draining issue some users had reported since installing the original iOS 15.4 update.‘If exploited, attackers would be able to see your location, read messages, view contacts lists and potentially even access the microphone and camera – all the things you don’t want to have out there. It's only a matter of time before someone tries to use these flaws in widespread attacks. So are you at high risk of being attacked using these flaws? Probably not yet.īut you should update your iDevices anyway, because as you read this, criminal hackers who are far less discriminating in whom they target are taking apart these Apple patches and trying to figure out how to exploit these vulnerabilities. Apple isn't saying who, but odds are it's some nation-state going after political dissidents or another undesirable group.Ĭhina has used iOS flaws in recent years to spy on Uyghur activists, and Middle Eastern petrostates have bought commercial iOS spyware to monitor dissidents and human-rights activists. In other words, someone has already been using these vulnerabilities to attack Macs, iPhones and/or iPads. In both cases, a malicious application has to get on your Mac, iPhone or iPad in the first place to carry out its dirty deeds, but that's not impossible if the app exploits a "zero-day" flaw that Apple isn't aware of until the malware has already been used.Īnd indeed, both these flaws get the disclaimer: "Apple is aware of a report that this issue may have been actively exploited." federal government designates information-security problems.)Ĭredit for notifying Apple of both flaws was given to "an anonymous researcher." Who's behind these attacks? (CVE stands for "common vulnerabilities and exposures" and is how the U.S. Needless to say, it sounds just as severe on mobile devices as it does on Macs. That's pretty serious, because it's basically God mode - it means an app can do whatever it wants on your Mac, iPhone or iPad.ĬVE-2022-22675 also exists on iOS and iPadOS, and was the only vulnerability patched in today's updates on those platforms. It could make it possible for an application "to execute arbitrary code with kernel privileges," as Apple phrased it in its security advisory. The second vulnerability is catalogued as CVE-2022-22675 and is a flaw in the AppleAVD media decoder. That ability could let an application steal passwords, digital verification signatures or all sorts of other secret information that modern operating systems use to keep things locked down. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |