Apple patches zero-day kernel hole and much more – update now! – Naked Security - Then there’s a second zero-day
Looking for:
Apple patches new zero-day exploited to hack iPhones, iPads, Macs- Apple patches zero day
- Apple Announces Two Zero-Day Vulnerabilities for macOS & iOS
Apple has rolled out updates for its mobile, tablet and desktop operating systems, and they come with a fix for two zero-day vulnerabilities.
As Ars Technica notes, the bugs can give bad actors access to the internals of the operating systems if exploited. Apple said in its patch notes that it's aware "of a report that [the issues] may have been actively exploited," but it didn't expound on whether it has detected instances of the bugs being used to gain entry to customers' devices. The tech giant attributes the vulnerabilities' discovery to "an anonymous researcher.
One of the vulnerabilities called CVE affects all three operating systems and gives hackers a way to execute malicious code with kernel privileges. That means they can get complete access to their target's system and hardware. The other vulnerability, CVE, affects macOS and could lead to the "disclosure of kernel memory" or the the memory used by an operating system. They're the fourth and fifth zero-days Apple has fixed this year so far, which includes one that can be exploited to track sensitive user information.
In addition to fixing the zero-day vulnerability affecting iPhones, iOS Apparently, iOS The update fixes an issue that could render Braille devices unresponsive, as well. Sign up. Moon Sponsored Links.
April 1, AM. In this article: news , gear , iPadOS PhillDanze via Getty Images Apple has rolled out updates for its mobile, tablet and desktop operating systems, and they come with a fix for two zero-day vulnerabilities.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Scientists may have found an affordable way to destroy forever chemicals. James Webb telescope captures surreal images of Jupiter's auroras.
Apple patches zero day. Apple patches double zero-day in browser and kernel – update now!
Simply put, a cybercriminal could implant malware on your device even if all you did was to view an innocent-looking web page. Loosely speaking, however, a working WebKit RCE followed by a working kernel exploit, as seen here, typically provides all the functionality needed to mount a device jailbreak therefore deliberately bypassing almost all Apple-imposed security restrictions , or to install background spyware and keep you under comprehensive surveillance.
At the time of writing, Apple has published advisories for iPad OS 15 and iOS 15 , which both get updated version numbers of Follow NakedSecurity on Twitter for the latest computer security news. Who can say?
Keep checking for updates is my recommendation! If you genuinely think that you might have been targeted by this pair of bugs, then all I can suggest is that you read up on how to do an official Apple DFU device firmware update , which basically wipes the device and reinstalls the entire operating system from scratch. I have had two Apple phones now, and I did a DFU myself each time after getting back from the shop with my new purchase.
Because I could. It adds a fair chunk of time, but most of that is just sitting around waiting for the firmware image to download and get copied across. Would be good if Apple patched older iOS versions too, otherwise this leads to the question whether iPhones and Macs have become expensive short lifespan purchases. Only the very latest iOS 15 gets updates. If you have a phone that can be upgraded to iOS 15, then that is your path forward.
Either you have to keep on using it with no more updates ever because iPhones are locked down to prevent you patching them yourself or installing an alternative operating system , or send them for recycling. Mac users current have slightly more choice, depending on the age of their product, with macOS 12 Monterey, the latest version , macOS 11 Catalina and macOS 10 Big Sur all getting updates.
Skip to content. XG Firewall. Known as CVE, it is one of eleven security vulnerabilities patched in the most recent update to the Chrome browser although this is the only one confirmed to have been actively exploited. Other browsers based around Chromium, the engine that powers Chrome including Brave, Edge and Opera are likely to also be affected by the vulnerability. Apple users were also hit by a vulnerability found in Zoom earlier this week named CVE that could allow an attacker to gain access and take over a Mac computer via the Zoom package installer.
The exploit came about because of the way the auto-update client in Zoom connects to a daemon a type of programme running in the background with higher levels of privileges using a two-step process. It allowed a hacker to trick the update manager into forcing Zoom to downgrade to a more easily exploitable earlier version of Zoom or download a different package. View All. Content from our partners How the retail sector can take firm steps to counter cyberattacks.
How to combat the rise in cyberattacks. Why email is still the number one threat vector. Topics in this article: Apple , Cybersecurity.
Comments
Post a Comment