Remember to update all your Apple devices, as the iPhone maker also released iPadOS 15.6.1, watchOS 8.7.1 and macOS Monterey 12.5.1. He urges people to update to iOS 15.6.1 straight away. In January 2022, it fixed two such flaws, namely CVE-2022-22578, and CVE-2022-22594, which allowed arbitrary code execution. “A working WebKit RCE followed by a working kernel exploit, as seen here, typically provides all the functionality needed to mount a device jailbreak (therefore deliberately bypassing almost all Apple-imposed security restrictions), or to install background spyware and keep you under comprehensive surveillance,” says Duckin. Apple’s been quite busy fixing zero-day vulnerabilities in recent months. There are hints that the flaws patched in iOS 15.6.1 would be used to perform a very targeted attack to install spyware on a device-typically used against high-profile targets such as dissidents and journalists. This could allow an attacker to spy on apps, access the data on your device, change your security settings, read your messages and activate your camera and mic. These are the sort of “administrative superpowers” normally reserved for Apple itself, Duckin explains. The second vulnerability patched in iOS 15.6.1, tracked as CVE-2022-32894, could allow an attacker who has already gained a basic foothold on an Apple device by exploiting the WebKit bug “to jump from controlling just a single app to taking over the operating system kernel itself.” “The vulnerability potentially affects many more apps and system components than just Apple’s own Safari browser.” He also warns that avoiding Safari won’t help. “Simply put, a cybercriminal could implant malware on your device even if all you did was view an otherwise innocent web page,” he says. In a newly-published blog, Sophos principal research scientist Paul Ducklin explains how the CVE-2022-32893 flaw in WebKit, which underpins the Safari browser, could allow a “booby trapped web page” to trick iPhones, iPads and Macs into running unauthorised and untrusted software code. Security company Sophos has shed some light on how the patched iOS 15.6.1 flaws could have led to real-life attacks. So what are you waiting for? Go to your iPhone Settings > General > Software Update and download and install iOS 15.6.1 now. However, I recommend you make an exception and update to iOS 15.6.1-issues in the Kernel are about as bad as you can get, so it’s not worth taking the risk. Some people don’t like to update to iPhone versions straight away to wait for any bugs to be ironed out. Taking this into account, he recommends you update your iPhone to iOS 15.6.1 as soon as possible. He says it’s possible the two vulnerabilities “could be chained together to allow attackers to remotely gain full access to victims’ devices.” Ensure your device is plugged into AC power or your battery is fully charged before starting the software update. Before you download: Make sure you have a strong Verizon wireless network connection. “Apple iOS 15.6.1 is an important update,” says independent security researcher Sean Wright. This software update has been tested to optimize device performance, resolve known issues and apply the latest security patches.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |