Apple Issues Emergency Updates to iPhones After Exploits Found

Apple released iOS 16.4.1 on April 7, about two weeks after the firm released its previous update to the operating system. The update was deployed to fix vulnerabilities that could be actively exploited.

While the tech giant didn’t offer many details about the fixes, it said that the bugs, tracked as CVE-2023-28205 and CVE-2023-28206, were fixed in its latest update, according to an Apple support page.

“For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page,” Apple states on its website.

Security firm Sophos, in describing the fix as an “emergency patch,” said that CVE-2023-28205 is a “hole in Webkit,” or the engine of the Safari browser, that can allow a compromised website to “give cybercriminals control over your browser, or indeed any app that uses WebKit to render and display HTML content.” A number of apps and browsers—not just Safari—use WebKit.

“Apple’s own Safari browser uses WebKit, making it directly vulnerable to WebKit bugs,” it said. “Additionally, Apple’s App Store rules mean that all browsers on iPhones and iPads must use WebKit, making this sort of bug a truly cross-browser problem for mobile Apple devices.”

The second bug, CVE-2023-28206, involves a security hole in IOSurfaceAccelerator that can allow an app to execute code with kernel privileges, meaning an attacker can run code in the core of iOS on a device that isn’t patched.

“This bug allows a booby-trapped local app to inject its own rogue code right into the operating system kernel itself. Kernel code execution bugs are inevitably much more serious than app-level bugs, because the kernel is responsible for managing the security of the entire system, including what permissions apps can acquire, and how freely apps can share files and data between themselves,” Sophos wrote.

Malwarebytes, another security firm, said that if an attacker can gain access to iOS kernel privileges, it’s a “serious matter” because those individuals could have “more than administrator privileges.” It means that a malign actor can gain “complete and unrestricted access to the underlying hardware via the security flaw.”

In each of the two cases, Apple stated on its website that it was “aware of a report that this issue may have been actively exploited.” Users should update their iPhones, iPads, MacBooks, and other Apple devices that use iOS 16.4 as soon as possible, Sophos and other security researchers say.

“You may already have been offered the update by Apple; if you haven’t been, or you were offered it but turned it down for the time being, we suggest forcing an update check as soon as you can,” Sophos said.

Consumers can manually update to the latest version on their iPhones or iPads by going to Settings, General, and Software Update. Then, they should click Download and Install, follow the prompts, and wait for the phone to restart.

On Mac laptops and desktop computers, it’s similar. Users can open the Apple menu and choose System Settings before going to General and then clicking on Software Update.

Other Updates

iOS 16.4 and now iOS 16.4.1 run on all iPhones starting from the iPhone 8 and later, according to Apple’s website. Last month, Apple also released iOS 15.7.4 for older iPhones.

About a week ago, on Monday, Apple released the iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, Safari 16.4, Studio Display Firmware Update 16.4, watchOS 9.4, tvOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, and macOS Ventura 13.3 updates. The update covers all models of iPhone 6s, iPhone 7s, the first generation iPhone SE, iPad Air 2, later iPad Minis, and the seventh generation iPod touch.

READ 1 COMMENT
  • John says:

    I can’t believe how clueless people are to the signs it’s right in front of their face apple and all its demonic luciferian scumbags who design and made the Apple products are in the luciferian satanic mindset look what they use for a symbol an apple with a bite out of it which relates to the first original sin and evil against God the Apple that was bitten in the Garden of Eden by Eve, they leave Clues and hints cuz people are never paying attention so how demonic their companies and organizations really are, that’s why God says people will be fooled In The End by King the Antichrist is the real Christ because he will do trickery and sorcery to convince them
