Monday 10 April 2023

Apple issues emergency patches for spyware


Apple has issued a short, sharp series of emergency security fixes against spyware for Macs, iPhones and iPads. If you use any of these products, update your device. Currently, only the iOS 16 and iPadOS 16 mobile versions have updates available. Meanwhile, it is not clear whether iOS 15 and iPadOS 15 users with older devices are vulnerable, so for now there is no patch for them to install.

The updates address two different bugs:

  • CVE-2023-28205: A security hole in WebKit
  • CVE-2023-28206: A bug in Apple’s IOSurfaceAccelerator display code.

WebKit is Apple’s web content display subsystem, and any app that displays HTML content uses it. Apps rely on WebKit to show you web page previews, display help text, or even just to generate a good-looking About screen, so a security hole in WebKit could let cybercriminals take control of your browser. A kernel is a fundamental part of an operating system that manages system resources and provides a low-level interface between software and hardware.

Interestingly, bugs at the kernel level that depend on a maliciously-designed application are generally ineffective on their own when it comes to targeting iPhone or iPad users. This is due to Apple's strict regulations and policies regarding the App Store, which create a "walled garden" that makes it difficult for attackers to deceive users into installing a malicious app in the first place.

The two bugs are a cause for concern not only because they are zero-day vulnerabilities, which means that attackers have already been exploiting them before any patches were developed, but also because they were discovered and reported by Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International's Security Lab.

Although Apple has not provided any further information, it is reasonable to assume that these bugs were initially identified by privacy and social justice advocates at Amnesty and then investigated by incident response experts at Google. If that is the case, these security flaws could have been, and possibly already have been, exploited to deploy spyware.

While it is possible that these attacks were targeted, and most of us are not likely to be directly affected, it still suggests that these bugs can effectively compromise unsuspecting victims in real-world scenarios.

If you use any of these products, Apple may already have offered you the update. If it hasn’t, or if you were offered the update but turned it down for the time being, we suggest forcing an update check as soon as you can.

Original article posted by Naked Security
