1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Apple just patched a pair of dangerous iOS and macOS security iss

    From TechnologyDaily@1337:1/100 to All on Mon Apr 10 14:30:03 2023
    Apple just patched a pair of dangerous iOS and macOS security issues, so update now

    Date:
    Mon, 10 Apr 2023 13:20:24 +0000

    Description:
    Two zero-days were found exploited in the wild, possibly by government-sponsored attackers.

    FULL STORY ======================================================================

    Apple has fixed two zero-day flaws that were being actively exploited against users with iPhones, Macs, and iPad devices.

    The flaws could have allowed threat actors to take over victim's devices, giving them full access to the endpoints , experts said.

    "Apple is aware of a report that this issue may have been actively
    exploited," the Cupertino giant said in an advisory published with the fixes. Long list of affected devices

    The two flaws are being tracked as CVE-2023-28206 and CVE-2023-28205. The former is an IOSurface out-of-bounds write vulnerability that allowed threat actors to corrupt data, crash apps, and devices, and remotely execute code. Worst case scenario - a threat actor could push a malicious app allowing them to execute arbitrary code with kernel privileges on the target endpoint.

    The latter is a WebKit use after free vulnerability with similar consequences - data corruption and arbitrary code execution. For this flaw, the worst-case scenario is to trick victims into visiting a malicious website, resulting in remote code execution.

    The flaws were addressed in the release of iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1, so if youre worried about these vulnerabilities, make sure to bring your systems to the latest version as
    soon as possible.

    Apple released a list of vulnerable devices, including the iPhone 8 and
    newer, all iPad Pros, iPad Air 3d generation and newer, iPad 5th generation and newer,iPad mini 5th generation and newer, and all macOS Ventura devices. Read more

    Apple Safari patched to fix potentially dangerous zero-day flaws


    There's a major new security update for iOS and macOS, so update now


    Here's our list of the best identity theft protection tools around

    Apple did say it was aware of threat actors abusing the zero-days in the
    wild, but did not discuss the details. However, BleepingComputer speculates that the attackers might be state-sponsored, given the fact that the flaws were discovered by researchers usually hunting for government-sponsored players.

    The researchers that found the flaws are Clment Lecigne of Google's Threat Analysis Group and Donncha Cearbhaill of Amnesty International's Security Lab. The flaws were being used as part of an exploit chain, it was said. Stay protected online with these best endpoint security software

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/apple-just-patched-a-pair-of-dangerous-ios-and- macos-security-issues-so-update-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)