1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Apple releases security fix for iPhone and Mac zero-day flaw, so

    From TechnologyDaily@1337:1/100 to All on Tue Feb 14 10:45:04 2023
    Apple releases security fix for iPhone and Mac zero-day flaw, so update now

    Date:
    Tue, 14 Feb 2023 10:29:31 +0000

    Description:
    Two serious Apple security flaws found and fixed, with users urged to update immediately.

    FULL STORY ======================================================================

    Apple has fixed two high-severity security flaws that allowed threat actors
    to run arbitrary code on vulnerable devices, potentially letting them steal sensitive contentor even hijack the entire device.

    The first one, tracked as CVE-2023-23514, is a Use After Free Issue, enabling hackers to execute arbitrary code with kernel privileges, affecting iPhones 8 and later, all iPad Pro models, iPad Air 3rd generation and newer, iPad 5th generation and later, and iPad mini 5th generation and later devices.

    The flaw was discovered by Xinru Chi of Pangu Lab, and Ned Williamson of Google Project Zero, and was reportedly fixed with better memory management. Updating the OS

    The second flaw, tracked as CVE-2023-23529, was found in WebKit, Apples browser engine used in its Safari offering.

    It was a type confusion issue, fixed with improved checks, as by processing maliciously crafted web content, the device could end up allowing arbitrary code execution by third parties, Apple explained.

    The flaw, which Apple says was discoverd by an anonymous researcher, affected iPhones 8 and newer, all iPad Pro models, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
    devices. Read more

    WebKit security flaw on both iOS and macOS still unpatched by Apple despite
    available fix


    More web browser variety may be coming to iOS, leak suggests


    These are the best firewalls around

    Apple confirmed that both flaws are being actively exploited, meaning that hackers are aware of the issues and are using them to gain access to devices and steal valuable content.

    Therefore, it is paramount that users apply the fixes as soon as possible,
    and upgrade to iOS 16.3.1 and iPadOS 16.3.1.

    Apples browser engine, WebKit, is a popular attack vector for hackers looking to breach Apple devices, as it potentially allows access to the rest of the devices data.

    In 2022, Apple patched nine iOS bugs that may have been actively exploited, four of which were found in WebKit, TechCrunch reported. Of the others, three were found in the kernel, one in AppleAVD, and one in IOMobileFrameBuffer. Check out the best identity theft protection solutions right now

    Via: TechCrunch



    ======================================================================
    Link to news story: https://www.techradar.com/news/apple-releases-security-fix-for-iphone-and-mac- zero-day-flaw-so-update-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)