Tech

What is Apple’s new critical security hole and how can you protect yourself from it? | Science & Technology News


Apple has announced the discovery of a critical iPhone, iPad, and Mac security vulnerability that could potentially allow attackers to take complete control of a victim’s device.

Notice come like Apple released a security update that could prevent the attack from taking place.

To install this security update, you can go to Settings app, then General, then Software Update.

The latest versions of iOS and iPadOS are 15.6.1, while macOS is 12.5.1.

Apple iPhone Messages

How did the attack work?

According to Apple, the vulnerability could have been exploited by “web content processing”, that is, accessing a website containing malicious code.

Any attacker who knows about the vulnerability – and how to exploit it – by directing the victim to such a website, can execute any code they want on the victim’s device.

Normally, devices restrict the types of code that can run on them to users with specific privilege levels – but this vulnerability allows code to be executed with kernel privileges.

The kernel is the core part of iOS. It has unrestricted access to all aspects of the operating system – meaning an attacker can have full control over the victim’s device.

A girl walks past the Apple logo outside an Apple store in Shanghai, China on Monday, July 2, 2012. Apple paid $60 million to settle a dispute in China over ownership of the iPad name. , a court announced Monday, removing a potential impediment to sales of the popular tablet in the key market China.  (AP Photo) CHINA OUT

Who used it to attack people?

Apple said it was aware of a report that the vulnerability may have been actively exploited.

However, the company did not provide any additional details.

Apple iPad

What is the risk to the public?

In the world of cybersecurity, the ability to execute code on a victim’s device simply by making them open a website is extremely rare and powerful.

As a simple matter of supply and demand, the mining could have been bought with a lot of money – and if so, it could have been used to attack a high-value target.

Cyberattack tools like exploiting critical vulnerabilities like this don’t last forever.

As soon as a vulnerability is discovered, software vendors can begin developing a fix for it – and any attempt to exploit the vulnerability carries the risk of revealing that it exists.

The limited time period within which the vulnerability can be exploited also affects the market dynamics to sell, buy, and use such instruments.

All of this means that before the vulnerability is discovered by Apple – when it’s a “zero day” vulnerability because the vendor doesn’t have a day to develop a patch – it likely won’t be used for the intended purpose. common spending.

However, now that the vulnerability has been made public, it’s possible that criminals have reverse engineered the security update and targeted members of the public who haven’t updated their devices.

This is why it’s so important to install the latest security updates.

CUPERTINO, CA - OCTOBER 16: The Touch ID pad is seen on the new iPad Mini 3 during a special Apple event on October 16, 2014 in Cupertino, California.  Apple introduced new iPad Air 2 and iPad Mini 3 tablets and iMac with 5K retina display.  (Photo by Justin Sullivan / Getty Images)

Who found this problem?

The researcher who reported the vulnerability chose to remain anonymous.

There could be a number of reasons for them to do so, including that they simply don’t want the attention the report will bring them.

It is also possible that a researcher working for a company or government organization was targeted through this vulnerability.

If so, disclosing that they were aware of the attack – by attributing the disclosure to a victim-related name – could give the attacker some feedback on their attack activity.

Read more: GCHQ Reveals Why It Keeps Some Software Vulnerabilities Secret

Alternatively, it is possible that the vulnerability was reported by a Western government with a vulnerability recognition process, such as the UK’s National Cyber ​​Security Center, a division of GCHQ .

It is possible that security and intelligence agencies had a need to exploit the vulnerability, but then they chose to disclose it to Apple so it could be fixed.

There is no evidence for any of the above, they are provided as some examples of the different reasons the researcher may have chosen to remain anonymous.



Source link

news7h

News7h: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button