1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Apple's recent zero-days patch is now available for older devices

    From TechnologyDaily@1337:1/100 to All on Tue Apr 11 11:30:03 2023
    Apple's recent zero-days patch is now available for older devices

    Date:
    Tue, 11 Apr 2023 10:15:00 +0000

    Description:
    Older iPhones now safe from bugs exploited in the wild that give attackers keys to the kingdom

    FULL STORY ======================================================================

    Apple has now backported a fix for two major zero-days - which are allegedly being exploited in the wild - to older devices.

    Now, all iPhone 6s models and newer, as well as many older iPad models, are protected from two vulnerabilities that were said to give threat actors full access to the vulnerable endpoints.

    The two flaws are being tracked as CVE-2023-28206 and CVE-2023-28205. The first is an IOSurface out-of-bounds write vulnerability that allowed threat actors to corrupt data, crash apps and devices, and remotely execute code. Worst case scenario - a threat actor could push a malicious app allowing them to execute arbitrary code with kernel privileges on the target endpoint . Older smartphones

    The second is a WebKit with similar consequences - data corruption and arbitrary code execution. For the exploit, the aim is to trick victims into visiting a malicious website which results in remote code execution. Read
    more

    Apple Safari patched to fix potentially dangerous zero-day flaws


    There's a major new security update for iOS and macOS, so update now


    Here's our list of the best identity theft protection tools around

    Now, besides iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1 being safe from these bugs, updates have also made it to older devices sporting iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6.

    This means that the following devices are now covered: all iPhone 6s models, all iPhone7 models, first generation iPhone SE, iPod Air 2, 4th generation iPad mini, 7th generation iPod touch, and all Macs powered by macOS Monterey and Big Sur.

    Apple did say it was aware of threat actors abusing the zero-days, but did
    not discuss the details. However, BleepingComputer speculates that the attackers might be state-sponsored, given the fact that the flaws were discovered by researchers usually hunting for government-sponsored players.

    The researchers that found the flaws are Clment Lecigne of Google's Threat Analysis Group and Donncha Cearbhaill of Amnesty International's Security Lab. The flaws were being used as part of an exploit chain, it was said. Eliminate threats on your system with the best malware removal

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/apples-recent-zero-days-patch-is-now-available- for-older-devices


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)