He urges people to update to iOS 15.6.1 straight away.
“A working WebKit RCE followed by a working kernel exploit, as seen here, typically provides all the functionality needed to mount a device jailbreak (therefore deliberately bypassing almost all Apple-imposed security restrictions), or to install background spyware and keep you under comprehensive surveillance,” says Duckin. There are hints that the flaws patched in iOS 15.6.1 would be used to perform a very targeted attack to install spyware on a device-typically used against high-profile targets such as dissidents and journalists. This could allow an attacker to spy on apps, access the data on your device, change your security settings, read your messages and activate your camera and mic. These are the sort of “administrative superpowers” normally reserved for Apple itself, Duckin explains. The second vulnerability patched in iOS 15.6.1, tracked as CVE-2022-32894, could allow an attacker who has already gained a basic foothold on an Apple device by exploiting the WebKit bug “to jump from controlling just a single app to taking over the operating system kernel itself.” “The vulnerability potentially affects many more apps and system components than just Apple’s own Safari browser.” He also warns that avoiding Safari won’t help. “Simply put, a cybercriminal could implant malware on your device even if all you did was view an otherwise innocent web page,” he says.
In a newly-published blog, Sophos principal research scientist Paul Ducklin explains how the CVE-2022-32893 flaw in WebKit, which underpins the Safari browser, could allow a “booby trapped web page” to trick iPhones, iPads and Macs into running unauthorised and untrusted software code. Security company Sophos has shed some light on how the patched iOS 15.6.1 flaws could have led to real-life attacks. So what are you waiting for? Go to your iPhone Settings > General > Software Update and download and install iOS 15.6.1 now. However, I recommend you make an exception and update to iOS 15.6.1-issues in the Kernel are about as bad as you can get, so it’s not worth taking the risk. Some people don’t like to update to iPhone versions straight away to wait for any bugs to be ironed out. Taking this into account, he recommends you update your iPhone to iOS 15.6.1 as soon as possible. He says it’s possible the two vulnerabilities “could be chained together to allow attackers to remotely gain full access to victims’ devices.” “Apple iOS 15.6.1 is an important update,” says independent security researcher Sean Wright.
0 kommentar(er)
