
This is likely used as the entry point for an attack, meaning the attack is likely to be initiated by visiting a malicious website, Nickle said. Robert Nickle, staff security intelligence engineer at Lookout, explained that the first bug is in “webkit” - the engine of the web browser on iOS. The vulnerabilities give an attacker the highest privileges in macOS, iPadOS, and iOS - effectively full control of a device.

In an emergency patch announced this week, Apple released very little information about the bugs, only saying they were submitted anonymously and giving them CVE entries – CVE-2022-32894 and CVE-2022-32893.

Apple said some iPod models, the iPhone 6S and later models, several models of the iPad, all iPad Pro models and the iPad Air 2 as well as all Mac computers running MacOS Monterey are affected by the bugs. This is the second emergency update for iPhones and iPads this month, following a patch earlier in March that fixed a different WebKit flaw.

Apple said this new issue "was addressed by improved management of object lifetimes," although we really can only guess at what that means.

Credit for finding the flaw was given to Clément Lecigne and Billy Leonard, both researchers in Google's Threat Analysis Group.

Apple said hackers are actively exploiting two zero-day vulnerabilities in iPhones, iPads and Macs. That would be very bad indeed, as it means that ne'er-do-wells can embed code in websites that can redirect you to malicious websites or even steal information, such as passwords or credit-card numbers, from your browser.


The flaw lets a malicious website or web page spark "universal cross-site scripting" in WebKit, says Apple. If an update appears, then click Download and Update. Locate the iPhone's page in either Finder or iTunes, click General or Settings, then click Check for Update. On Macs running macOS 10.14 Mojave or earlier, open iTunes, where the iPhone should appear.

On Macs running macOS 10.15 Catalina or later, the phone should pop up in Finder. If there's no Wi-Fi available, you can tether your iDevice to a previously "trusted" computer using a USB cable. You can also force an update by making sure your device is connected to the internet over a local Wi-Fi network, then going to Settings > General > Software Update and tapping Download and Install.
