{"id":25384,"date":"2024-10-29T06:10:08","date_gmt":"2024-10-29T14:10:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/10\/29\/news-19114\/"},"modified":"2024-10-29T06:10:08","modified_gmt":"2024-10-29T14:10:08","slug":"news-19114","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/10\/29\/news-19114\/","title":{"rendered":"Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities"},"content":{"rendered":"\n<p>Apple has <a href=\"https:\/\/support.apple.com\/en-us\/121563\">released<\/a> security patches for most of its operating systems, including iOS, Mac, iPadOS and watchOS. <\/p>\n<p>Especially important are the updates for iOS and iPadOS which tackle vulnerabilities which could potentially leak sensitive user information. You should make sure you update as soon as you can.<\/p>\n<p>To check if you\u2019re using the latest software version, go to <strong>Settings &gt; General &gt; Software Update<\/strong>. It\u2019s also worth turning on Automatic Updates if you haven\u2019t already, which you can do on the same screen.<\/p>\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"943\" height=\"1325\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/Update_options.png?w=729\" alt=\"Update options on iPadOS\" class=\"wp-image-119797\" \/><figcaption class=\"wp-element-caption\">Update options<\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\" id=\"h-technical-details\">Technical details<\/h2>\n<p>Noteworthy are four vulnerabilities in Siri and another vulnerability in Accessibility which would allow an attacker with physical access to view sensitive user information. This may not seem very urgent at first, but if your device gets stolen then the thief can learn things about you which is far from ideal.<\/p>\n<p>These are some of the vulnerabilities that jumped out at us.<\/p>\n<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-44274\">CVE-2024-44274<\/a>: a vulnerability in Accessibility that could allow an attacker with physical access to a locked device to view sensitive user information. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1 with improved authentication.<\/p>\n<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-44282\">CVE-2024-44282<\/a>: a vulnerability in Foundation where parsing a file could lead to disclosure of user information. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1 by improved input validation. Foundation serves as a fundamental framework that offers a base layer of functionality for Apple&#8217;s operating systems. Among others it\u2019s responsible for file system access.<\/p>\n<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-40867\">CVE-2024-40867<\/a>: a vulnerability in iTunes caused by a custom URL scheme handling issue that could be used by an attacker to break out of Web Content sandbox. This issue is fixed in iOS 18.1 and iPadOS 18.1 by improved input validation. Breaking out of the Web Content sandbox allows a malicious website or attacker to potentially access sensitive data, control other parts of the system, and compromise the overall security of the device beyond the intended limitations of the web browser.<\/p>\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don\u2019t just report on phone security\u2014we provide it<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by\u00a0<a href=\"https:\/\/www.malwarebytes.com\/ios\">downloading Malwarebytes for iOS<\/a>, and <a href=\"https:\/\/www.malwarebytes.com\/android\">Malwarebytes for Android<\/a> today.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/10\/update-your-iphone-mac-watch-apple-issues-patches-for-several-vulnerabilities\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Apple has issued patches for several of its operating systems. The ones for iOS and iPadOS deserve your immediate attention. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,32077,32078,32079,32080,32,11304],"class_list":["post-25384","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-cve-2024-40867","tag-cve-2024-44274","tag-cve-2024-44282","tag-ios-ipados","tag-news","tag-update"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25384"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25384\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}