Here are some of the most significant security fixes:

iPhone and iPad

Apple updated its mobile device OSes this week as well: as iOS 15.4 and iPadOS 15.4. The updates address many of the same vulnerabilities as the macOS Monterey 12.3 update.

As always, we would encourage all users to update their systems as soon as possible. The older OSes were updated as macOS Big Sur 11.6.5 and Security Update 2022-003 Catalina.

A number of AppleScript vulnerabilities that could have caused crashes, code execution, or memory security issues.

Apple has released updates for macOS Big Sur and macOS Catalina as well.

WebKit bugs that could have led to code execution after processing malicious web content.

Several separate kernel vulnerabilities that could have resulted in privilege escalation, denial of service attacks, or arbitrary code execution.

A FaceTime issue that could have led to a user sending video or audio during a FaceTime call without knowing it.

A BOM bug that could have allowed a malicious ZIP archive to bypass Gatekeeper.

If you’re on macOS Monterey, Apple has updated your OS to version 12.3. Mac users received some important security updates this time around. Here’s a rundown of the security highlights from this round of updates:

Mac

In addition to adding new features and introducing some UI/UX improvements, Apple’s engineers have also addressed quite a few security vulnerabilities.

If Apple follows up these patches with related updates to any of its other products, we’ll let you know.

Follow on Twitter for the latest computer security news.

Apple has released updates for all of its OSes.

Use Settings > General > Software Update on iPhones and iPads, and Apple menu > About this Mac > Software Update… on Macs. We already forced an update on our iPhone; the download was small and the update went through quickly and apparently smoothly. Whatever Apple’s reason for rushing out this mini-update so quickly after its last patches, why wait?
(Technically, a not-yet-exploited vulnerability that you discover due to bug-hunting hints plucked from the cybersecurity grapevine isn’t actually a zero-day if no one has figured out how to abuse the hole yet.)

What to do?

Or perhaps the bugs were uncovered by Google because someone from outside the company suggested where to start looking, thus implying that the vulnerabilities were already known to potential attackers even though they hadn’t yet figured out how to exploit them?

More dramatically, perhaps Apple concluded that the way Google found these bugs was sufficiently obvious that someone else might easily stumble upon them, perhaps without even really meaning to, and begin using them for bad?

…perhaps Apple felt that these bugs were too broadly dangerous to leave unpatched for long?

Neither bug is reported with Apple’s typical zero-day wording along the lines that the company “is aware of a report that this issue may have been actively exploited”, so there’s no suggestion that these bugs are zero-days, at least inside Apple’s ecosystem.

But with just two bugs fixed, just two weeks after Apple’s last tranche of patches, perhaps Apple thought these holes were ripe for exploitation and thus pushed out what is essentially a one-bug patch, given that these holes showed up in the same software component?

Also, given that parsing XML data is a function performed widely both in the operating system itself and in numerous apps; given that XML data often arrives from untrusted external sources such as websites; and given the bugs are officially designated as ripe for remote code execution, typically used for implanting malware or spyware remotely…