8/3/2023 0 Comments Apple security update![]() ![]() ![]() The issue, tracked as CVE-2023-23529, was initially addressed as a zero-day in mid-February, with the release of iOS and iPadOS 16.3.1 and macOS Ventura 13.2.1. Apple Watch users should update to watchOS 8.4. Apple this week announced fresh security updates for macOS and iOS, including patches that address an exploited vulnerability in older iPhone models. Apple issued the updates for its newer slate of iPhones and iPads, as well as for older ones as well. How to get it Updating is easy: open the Settings app on the device and. 1 day ago &0183 &32 Apple issues security updates to patch vulnerabilities What we know: Apple has released a series of security updates to patch vulnerabilities across a slate of its devices. For iOS, iPadOS, and tvOS, the update is version 15.3. Apple iOS 16.4 runs on all iPhones from iPhone 8 onwards, and this update includes features relevant to all those handsets. Users and administrators running Macs should update to Monterey 12.2, Big Sur 11.6.3 and Catalina 2022-001. Apple also fixed CVE-2022-22590 in WebKit and CVE-2022-22584 in ColorSync. The tech giant does not adhere to a set patch schedule in the way that Microsoft or Google do, but still posts several major firmware updates for its mobile and desktop devices every year.įor macOS Monterey and iOS 15.3, Apple's latest releases, the flaw is one of three code execution bugs addressed. The zero-day bug is part of a larger set of updates Apple has posted to address various security flaws in its platforms. Tap Download and Install Follow the prompts and wait for your phone to restart. ![]() Apple did not provide details on how widespread the exploitation is at the moment. Here’s how to get the latest iOS update on your iPhone or iPad: Open Settings. While Apple did not provide details as to how the vulnerability was being exploited, in the context of iOS such zero-day code execution flaws are often used to unlock or jailbreak phones.Īdministrators should note that an exploit of CVE-2022-22587 would require the attacker to already be running local code on the device, either through a forced installation or through social engineering, such as tricking the target with a fake application. Credit for the discovery was shared between an anonymous researcher, Meysam Firouzi from the Mercedes-Benz Innovation Lab, and Siddharth Aeri. The vulnerability allows an already-installed application to gain root code execution privileges on a vulnerable device. The bug is already under active exploitation in the wild, according to Apple's advisory published Wednesday. First and foremost on the patch list is CVE-2022-22587, a zero-day vulnerability in the IOBuffer component for iOS and pre-Catalina versions of macOS. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |