{"id":20003,"date":"2022-09-01T16:30:10","date_gmt":"2022-09-02T00:30:10","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/09\/01\/news-13736\/"},"modified":"2022-09-01T16:30:10","modified_gmt":"2022-09-02T00:30:10","slug":"news-13736","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/09\/01\/news-13736\/","title":{"rendered":"Apple pushes out emergency updates to address zero-day exploits"},"content":{"rendered":"

<\/p>\n

Credit to Author: Lucas Mearian| Date: Thu, 01 Sep 2022 16:46:00 -0700<\/strong><\/p>\n

Apple this week released urgent security updates<\/a> to address zero-day vulnerabilities on older model iPhones, iPads, and iPods.<\/p>\n

The patches, pushed out on Wednesday, address an out-of-bounds write issue that could be exploited by an attacker enabling them to take control of the affected device. The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple\u2019s advisory\u00a0HT213428<\/a>\u00a0and apply the necessary updates<\/a>.<\/p>\n

Apple did not immediately respond to a request for comment on whether the vulnerabilities had come to its attention through active exploits, but its security update did say, \u201cApple is aware of a report that this issue may have been actively exploited.\u201d<\/p>\n

The software flaws are listed in the Common Vulnerabilities and Exposures (CVE) database<\/a>, a system funded by a division of the US Department of Homeland Security (DHS) to a ensure public disclosure of security vulnerabilities and exposures.<\/p>\n

\u201cThe issue is that if a web page is constructed in a certain way, it can cause code to execute on the device outside of the normal containment and effectively create a malware situation on the device that could compromise data, contacts, location, insert malicious SW, etc.,\u201d said Jack Gold, principal analyst at J. Gold Associates, LLC.<\/p>\n

\u201cSo it\u2019s a big deal,\u201d he added.<\/p>\n

The vulnerabilities affect the iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) and computers running older macOS versions.<\/p>\n

The fact that the issue affects that older group of devices \u2014 and not newer models \u2014 means that there are relatively few devices at risk, Gold noted. Even so, he said, anyone with one of the older devices should update as soon as possible.<\/p>\n

While a patch offered for older devices may seem unimportant, cybercriminals are particularly fond of older unpatched technology, especially if the vulnerability gives them complete control and the ability to gain access to other systems and services.<\/p>\n

\u201cAn attacker could lure a potential victim to a specially crafted website or use malvertising to compromise a vulnerable system by exploiting this vulnerability,\u201d Malwarebytes said\u00a0in a blog post<\/a> today. \u201cSince the vulnerability exists in Apple\u2019s HTML rendering software (WebKit). WebKit powers all iOS web browsers and Safari, so possible targets are iPhones, iPads, and Macs which could all be tricked into running unauthorized code.\u201d<\/p>\n

The issue is fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. Apple is encouraging users to upgrade to the latest versions of its software<\/a>.<\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Lucas Mearian| Date: Thu, 01 Sep 2022 16:46:00 -0700<\/strong><\/p>\n

\n
\n

Apple this week released urgent security updates<\/a> to address zero-day vulnerabilities on older model iPhones, iPads, and iPods.<\/p>\n

The patches, pushed out on Wednesday, address an out-of-bounds write issue that could be exploited by an attacker enabling them to take control of the affected device. The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple\u2019s advisory\u00a0HT213428<\/a>\u00a0and apply the necessary updates<\/a>.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,24585,10554,714,24580],"class_list":["post-20003","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-enterprise-mobile-management","tag-mobile","tag-security","tag-small-and-medium-business"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20003"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20003\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}