Apple Patches Serious Security Flaws With iOS Update

Uploaded on 2022-08-30 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Apple has warned about serious security flaws which hackers may have "actively exploited" and has released an urgent security update for its iPhone, iPad and Mac devices.

Users of these devices are advised to immediately install the software updates that include security patches to fix two zero-day vulnerabilities. 

The patches fix vulnerabilities that allow attackers to execute arbitrary code and take over devices. The flaws lie in the kernel and WebKit functions. 

The update has been made available to iPhone 6s and later, iPad Pro, iPad Air 2 and later and iPad 5th generation and later. It is also available to the iPad mini 4 and later versions and the iPod touch (7th generation). Mac users running macOS Monterey are also being encouraged to update. “For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available. This document lists recent releases,” an Apple advisory notice said.

Software updates are an everyday aspect of our modern tech lives, but this is one update that should not be ignored.

  • One of the software weaknesses affects the kernel, the deepest layer of the operating system that all the devices have in common.
  • The other affects WebKit, the underlying technology of the Safari web browser and Apple said this could be used by hackers if the user accessed "maliciously-crafted web content". 

There have been no confirmed reports of specific cases where the security flaw has been used against people or devices, although there is suspicion that Apple is acting in response to widely reported use of spyware developed by Israel's NSOGroup.

For each of the bugs, the company said it was “aware of a report that this issue may have been actively exploited,” though it provided no further details although crediting an anonymous researcher for disclosing both software flaws.

Previous research has shown that even commercial spyware companies such as Israel's NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets' smartphones, siphons their contents and spies target users in real time. 

Users should rightly be concerned about the potential power hackers could wield if they target a device that is vulnerable to this attack. While the most vulnerable to these problems are high profile targets like politicians and celebrities, everyone should update their iOS devices as soon as possible.

Apple:     Apple:      Macrumors:    Oodaloop:   Tomsguide:      CBS:   BBC:    Guardian:    Yahoo

You Might Also Read:

Spyware - Apple Starts Legal Action Against NSO Group:

 

« Blacklisted Israeli Spyware Firm CEO Quits
Digital Banking & Cyber Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

Spambrella

Spambrella

Spambrella provides email security with real-time threat protection. 100% SaaS (nothing to install)

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

The Cyber Security Expert

The Cyber Security Expert

The Cyber Security Expert delivers cyber security consultancy, website and cloud security monitoring services, and specialist training services.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

Zeusmark

Zeusmark

Zeusmark are a digital brand security company. We enable companies to successfully defend their brands, revenue and consumers online.

GELLIFY

GELLIFY

GELLIFY is the first innovation platform dedicated to the high-tech B2B market, supporting start-ups and companies.

Templar Shield

Templar Shield

Templar Shield is a premier information security, risk and compliance technology professional services firm serving North America.

Pragma Strategy

Pragma Strategy

Pragma is a CREST approved global provider of cybersecurity solutions. We help organisations strengthen cyber resilience and safeguard valuable information assets with a pragmatic approach.

SAM Seamless Network

SAM Seamless Network

SAM Seamless Network is a cybersecurity technology platform that protects the connected home, by tackling cyber security threats at the source.

VectorRock

VectorRock

Save Your Business From Cyber Criminals. We specialize in uncovering cyber risks which threaten your organization and fixing them.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

Focus Digitech

Focus Digitech

Focus Digitech helps you with your digital transformation journey with our main core offerings of Cloud, Cybersecurity, Analytics and DevOps.

Cybersecurity Dubai

Cybersecurity Dubai

Protect your business from cyber-attacks with Cybersecurity Dubai, your partner in online security solutions.