kmiainfo: Update your phone now! Apple issues an urgent security update after discovering a bug that could expose the iPhone to attack! Update your phone now! Apple issues an urgent security update after discovering a bug that could expose the iPhone to attack!

Update your phone now! Apple issues an urgent security update after discovering a bug that could expose the iPhone to attack!

Update your phone now! Apple issues an urgent security update after discovering a bug that could expose the iPhone to attack! If you are using an iPhone, you will need to install the latest software update as soon as possible, as your device may be vulnerable to attack. Apple has deployed iOS 16.4.1 to all compatible phones, including the iPhone 8 and later. The update fixes two vulnerabilities that appeared in the previous software, iOS 16.4, which was released at the end of last month. This was also evident in older versions of Mac and iPad software, so Apple released macOS Ventura 13.3.1 and iPadOS 16.4.1 updates. According to Apple, the security flaws could have allowed hackers to infiltrate the device and "execute arbitrary code". This means that they can run any code they want on a target device without the owner's knowledge. This code can give them permission to access private data, control device functions and install malware. It could also allow them to control other devices connected to the network, or the Internet, to which the asset was connected. The vulnerabilities, dubbed CVE-2023-28206 and CVE-2023-28205, are what are known as "zero-day" flaws, meaning they were not known to Apple when the software was published. It also meant that devices running this software were vulnerable to attack, as the tech giant had not released a patch or security update to fix it. Apple said it is aware that CVE-2023-28206 and CVE-2023-28205 "may have been actively exploited" prior to the release of iOS 16.4.1, macOS Ventura 13.3.1, and iPadOS 16.4.1. CVE-2023-28206 was a "write out of bounds issue" within IOSurfaceAccelerator, the piece of software that manages pixel data. This means that a part of the memory was storing a lot of data, and therefore it started to be stored in the wrong place, which could cause problems. CVE-2023-28205 was "post-free use" within the WebKit web browser engine. This means that a program is trying to use or access something that was once stored in memory, but has already been freed. The flaws were discovered by Clément Lecigne of Google's Threat Analysis Group and Donncha Cearbhaill. According to BleepingComputer, these search groups are usually used by Apple to search for government-sponsored threat actors. It was therefore only likely to be exploited in the case of "highly targeted attacks" on politicians, journalists and high-risk individuals. Both of these issues are addressed by the iOS 16.4.1 update, as well as bugs that caused Siri to become unresponsive and blocked skin tone options for emoji. The latest software update, iOS 16.4, brought a host of new features, including the addition of 21 new emoji to the keyboard. Apple software updates aren't always easy, which explains why some people are reluctant to start with them when they're offered. Some of those who have updated to iOS 16.4 have complained that a system glitch is quickly draining the battery life of their devices.

If you are using an iPhone, you will need to install the latest software update as soon as possible, as your device may be vulnerable to attack.

Apple has deployed iOS 16.4.1 to all compatible phones, including the iPhone 8 and later.

The update fixes two vulnerabilities that appeared in the previous software, iOS 16.4, which was released at the end of last month.

This was also evident in older versions of Mac and iPad software, so Apple released macOS Ventura 13.3.1 and iPadOS 16.4.1 updates.

According to Apple, the security flaws could have allowed hackers to infiltrate the device and "execute arbitrary code".

This means that they can run any code they want on a target device without the owner's knowledge.

This code can give them permission to access private data, control device functions and install malware.

It could also allow them to control other devices connected to the network, or the Internet, to which the asset was connected. The vulnerabilities, dubbed CVE-2023-28206 and CVE-2023-28205, are what are known as "zero-day" flaws, meaning they were not known to Apple when the software was published.

It also meant that devices running this software were vulnerable to attack, as the tech giant had not released a patch or security update to fix it.

Apple said it is aware that CVE-2023-28206 and CVE-2023-28205 "may have been actively exploited" prior to the release of iOS 16.4.1, macOS Ventura 13.3.1, and iPadOS 16.4.1.

CVE-2023-28206 was a "write out of bounds issue" within IOSurfaceAccelerator, the piece of software that manages pixel data.

This means that a part of the memory was storing a lot of data, and therefore it started to be stored in the wrong place, which could cause problems.

CVE-2023-28205 was "post-free use" within the WebKit web browser engine.

This means that a program is trying to use or access something that was once stored in memory, but has already been freed.

The flaws were discovered by Clément Lecigne of Google's Threat Analysis Group and Donncha Cearbhaill.

According to BleepingComputer, these search groups are usually used by Apple to search for government-sponsored threat actors.

It was therefore only likely to be exploited in the case of "highly targeted attacks" on politicians, journalists and high-risk individuals.

Both of these issues are addressed by the iOS 16.4.1 update, as well as bugs that caused Siri to become unresponsive and blocked skin tone options for emoji.

The latest software update, iOS 16.4, brought a host of new features, including the addition of 21 new emoji to the keyboard.

Apple software updates aren't always easy, which explains why some people are reluctant to start with them when they're offered.

Some of those who have updated to iOS 16.4 have complained that a system glitch is quickly draining the battery life of their devices.
Tags:

Post a Comment

Previous Post Next Post