Warning apple security breach on iphone6/23/2023 In addition to addressing security vulnerabilities, the iOS 15.4.1 update also addresses a battery draining issue some users had reported since installing the original iOS 15.4 update. It's only a matter of time before someone tries to use these flaws in widespread attacks. So are you at high risk of being attacked using these flaws? Probably not yet.īut you should update your iDevices anyway, because as you read this, criminal hackers who are far less discriminating in whom they target are taking apart these Apple patches and trying to figure out how to exploit these vulnerabilities. Apple isn't saying who, but odds are it's some nation-state going after political dissidents or another undesirable group.Ĭhina has used iOS flaws in recent years to spy on Uyghur activists, and Middle Eastern petrostates have bought commercial iOS spyware to monitor dissidents and human-rights activists. In other words, someone has already been using these vulnerabilities to attack Macs, iPhones and/or iPads. In both cases, a malicious application has to get on your Mac, iPhone or iPad in the first place to carry out its dirty deeds, but that's not impossible if the app exploits a "zero-day" flaw that Apple isn't aware of until the malware has already been used.Īnd indeed, both these flaws get the disclaimer: "Apple is aware of a report that this issue may have been actively exploited." Go to Settings > Safari and tap Clear History and Website Data. federal government designates information-security problems.)Ĭredit for notifying Apple of both flaws was given to "an anonymous researcher." Who's behind these attacks? Put your iPhone or iPad into Airplane Mode (go into Settings and toggle the Airplane Mode switch into the off position). Passwords are marked leaked if the Password Monitoring feature can claim they have been present in a data leak. (CVE stands for "common vulnerabilities and exposures" and is how the U.S. PIN codes are considered weak if they are one of the most common PIN codes, if they are an increasing or decreasing sequence such as 1234 or 8765, or if they follow a repetition pattern, such as 123123 or 123321. Needless to say, it sounds just as severe on mobile devices as it does on Macs. That's pretty serious, because it's basically God mode - it means an app can do whatever it wants on your Mac, iPhone or iPad.ĬVE-2022-22675 also exists on iOS and iPadOS, and was the only vulnerability patched in today's updates on those platforms. It could make it possible for an application "to execute arbitrary code with kernel privileges," as Apple phrased it in its security advisory. The second vulnerability is catalogued as CVE-2022-22675 and is a flaw in the AppleAVD media decoder. In a June 5 announcement posted to the Chrome releases blog, Google confirms that the desktop application has been updated to version 1. That ability could let an application steal passwords, digital verification signatures or all sorts of other secret information that modern operating systems use to keep things locked down. Google issues emergency security update for Chrome.
0 Comments
Leave a Reply. |