20-08-22, 03:55
|
#1
|
Join Date: Feb 2011
Posts: 47,710
Thanks: 27,653
Thanked 14,458 Times in 10,262 Posts
|
Apple Warns of Security Flaw For iPhones iPads & Macs
Apple Security Update: Firm Warns of Serious Flaw For iPhones, iPads and Macs
A security flaw for iPhones, iPads and Macs has been admitted by Apple which could see hackers have the ability to take control of them and people have been advised to update their devices
Apple has published two security reports over the flaws
Daily Mirror 20 AUG 2022
Apple has admitted that its iPhones, iPads and Macs have serious security vulnerabilities which could allow hackers to take over the devices.
The company has published two security reports over the flaws but it did not give specifics about how many people will have been affected.
People have been advised by experts to update their devices if they have models from the iPhone 6S onwards as well as newer iPads and Macs that run macOS Monterey.
Apple has also reportedly stated it was “aware of a report that this issue may have been actively exploited”.
On its website it says: "For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
"Apple security documents reference vulnerabilities by CVE-ID when possible. For more information about security, see the Apple Product Security page."
Referring specifically to the security flaws regarding macOS Monterey 12.5.1 it states: "Kernel. Available for: macOS Monterey. Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher.
"WebKit. Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 243557. CVE-2022-32893: an anonymous researcher."
Apple has also stated it was “aware of a report that this issue may have been actively exploited”.
TechCrunch has said that possibly being "able to execute arbitrary code with kernel privileges" refers to having full access to the device while a WebKit bug could happen if a device accessed "maliciously crafted web content (that) may lead to arbitrary code execution".
While Rachel Tobac, CEO of SocialProof Security, said that Apple’s description of the security vulnerabilities means a hacker could get “full admin access to the device” and “execute any code as if they are you, the user"
|
|
|