iPhone Users Urged to Update to Patch 2 Zero-Days | Threatpost

September 30, 2022 Posted by: Talha Ismail


Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones. A zero-day vulnerability is detected only when an attack exploiting it takes place, or when companies discover it and issue a fix.




Successful exploitation can then lead to complete control of the target system, data destruction, or exfiltration of sensitive information. The second is CVE The vulnerability could be exploited by a malicious application to execute arbitrary code with the highest privileges by writing data past the end of the intended buffer leading to corruption of data, crashing of the kernel, or code execution within the kernel.

Further, we advise users to enable their automatic software updates. Since the start of the year, Apple has seen six zero-day vulnerabilities including the two today. CVE was a malicious application that was potentially able to execute arbitrary code with kernel privileges. In WebKit, CVE processed maliciously crafted web content that could lead to arbitrary code execution. And finally, there was the AppleAVD vulnerability. Both vulnerabilities are seeing significant interest by cyber threat researchers and will likely be a target for attackers over the next few days.

The race is on to patch and remediate these vulnerabilities within your organization. Automox recommends patching macOS to Monterey Tracked as CVE, one way an attacker could achieve that initial foothold is by exploiting the aforementioned WebKit flaw, according to researchers at Sophos.

Such privileges could afford an attacker the ability to carry out activities such as spying on apps, accessing nearly all data on the device, retrieving locations, using cameras, taking screenshots, activating the microphone, and more, he said. Like the WebKit flaw, the code required to exploit this vulnerability would have to be embedded within a maliciously crafted web page and executed after the WebKit vulnerability had already been exploited.

This zero-day also affects all the aforementioned iPhone and iPad devices, in addition to Macs running macOS Monterey.

Both issues were out-of-bounds writes and were addressed by improving the bounds checking of the vulnerable components.

The two vulnerabilities patched by Apple on Wednesday represent the sixth and seventh zero-day exploits that Apple has been forced to fix this year. The company also patched a swathe of zero-day vulnerabilities in including the ForcedEntry exploit used by the notorious Pegasus spyware developed by NSO Group.
