Apple fixes 2 zero-day bugs exploited to hack iPhones

Successful exploitation enables attackers to execute arbitrary code with kernel privileges on targeted devices by using a maliciously crafted app…reports Asian Lite News

Apple has fixed two new zero-day security vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads, in its latest software update.

According to BleepingComputer, the two zero-day security vulnerabilities were addressed in iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1 with improved input validation and memory management.

The first security flaw is an IOSurfaceAccelerator that could lead to the corruption of data, a crash, or code execution.

Successful exploitation enables attackers to execute arbitrary code with kernel privileges on targeted devices by using a maliciously crafted app, said the report.

The second zero-day vulnerability is a WebKit that allows data corruption or arbitrary code execution when freed memory is reused.

An attacker can exploit this flaw by tricking targets into loading malicious web pages under their control, resulting in code execution on compromised systems.

Meanwhile, researchers have tracked 55 zero-day vulnerabilities that were exploited in 2022 by the hackers, mostly targeting Microsoft, Google and Apple products.

According to information security company Mandiant report, products of Microsoft, Google and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with the previous years, and the most exploited product types were operating systems (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (six).

Apple stops signing iOS 16.3.1

After the release of iOS 16.4.1, Apple has stopped signing iOS 16.3.1 to prevent iPhone users from downgrading to that software version.

On February 13, iOS 16.3.1 was released as a minor update containing bug fixes, security improvements, and enhanced Crash Detection optimisations for iPhone 14 models, reports MacRumors.

To prevent consumers from downgrading to an outdated software version, Apple frequently removes signing older iOS releases over time.

The company does this to prevent users from installing unsafe versions of iOS while also ensuring that as many people as possible are using the most up-to-date APIs and features.

iOS 16.4 is expected to be unsigned later this month, so iPhone customers who want to downgrade to that version have a limited amount of time, said the report.

Meanwhile, Apple has now rolled out iOS 16.5 beta 1 to registered developers. The company also rolled out iPadOS 16.5 beta 1 to registered developers for beta testing.

“Update your apps to use new features, and test your apps against API changes,” Apple said in a release.

As the update rolls out, users will be able to install it by going to the Settings app, choosing General, and then choosing Software Update.

ALSO READ-YouTube rolls out ‘sleep timer’ in Music app

Tagged:

Leave a Reply

Your email address will not be published. Required fields are marked *