Apple

Apple patches double zero-day exploits – update now – In The News

Apple has pushed an emergency update to all iPhone, iPad and Mac users to fix TWO security vulnerabilities that – according to Apple – are already being exploited by criminals.

Our regular readers will know that if the bad guys are already exploiting the vulnerabilities then they’re known as “zero-day” vulnerabilities – the “bad guys” are already using them before the “good guys” were aware they existed.

The first security vulnerability is called a RCE vulnerability, which stands for Remote Code Execution. The vulnerability affects any Internet browser on Apple mobile devices, even if it’s not the inbuilt Safari browser, and allows a crook to launch an attack on an Apple device even if the owner merely visits an infected webpage. We also call that type of exploit a drive-by attack or a zero-click attack.

A second vulnerability, known as a privilege elevation exploit, can allow a crook to obtain administrative powers on a device. It could also be used in conjunction with the first RCE vulnerability.

That means that the first vulnerability affecting the Internet browser could allow a crook to get a foothold into a device. They could then use the second “privilege elevation” vulnerability to extend their foothold into full control of a device.


Sponsored Content. Continued below...




All-in-all, the pair of vulnerabilities could afford an attacker full control of a device when the owner merely visits an infected website. That’s as serious as it gets in cybersecurity land.

Thankfully, Apple already has some software patches to fix this issue. iOS can be updated to 15.6.1. MacOS (Monterey) can be updated to 12.5.1.

We strongly recommend updating straight away via your usual method. If you have updates set to install automatically it is still worth checking that the updates have been applied (Settings > General > Software Update.)

Share
Published by
Craig Haley