A pair of newly discovered security vulnerabilities will allow attackers to take control of your precious Macs and iPhones. The bad news: Apple fears they have already been used
iPhone, iPad and Mac users are urgently required to update their systems, this after Apple released an urgent security update to address a newly discovered 0Day vulnerability. The breach allowed the attackers to gain full access to the victims’ devices – Mac computers, iPhones and iPads – and take control of virtually everything done on them, including taking over the users’ personal accounts.
2 security weaknesses for the price of 1
Apple hasn’t revealed too many details about the security vulnerability, which has been given its own CVE number: CVE-2022-3289. According to the company, an attacker could exploit the weakness to gain access to the infected devices at the kernel level. In other words, the attackers could do whatever they wanted with the infected device, including stealing personal information and running whatever malicious code they wrote. The bad news is that Apple admits that the weakness may very well have already been exploited.
In addition to the update for this weakness, Apple released a security update for another weakness (CVE-2022-32893) – this time for WebKit, its browser engine, which is used by Safari on the desktop and on iOS, as well as other iOS apps such as Mail for example. According to Apple, an attacker who would take advantage of this weakness could inject any code he wanted into the infected device, and thus of course download other malware, gain admin access and more. The 2 weaknesses, by the way, were discovered by external security researchers, whose names were not disclosed by Apple, but apparently were well rewarded as part of the company’s bug bounty program.
Both weaknesses affect Mac computers running the macOS Monterey version 12.5.1 operating system, as well as iPhones – starting with the iPhone 6s and on; All iPad Pro models; iPad Air 2 and up; iPad 5th generation and later; iPad mini 4 and up; and an iPod touch (7th generation), if you still have that device for some reason.
To install these security updates, go to the Settings menu on your iPhone, then General and choose Software Update. You will find more details about the weaknesses here, and explanations about the software update here.
More such stories are waiting for you now
On the official Gigtime update channel