The announcement came as Apple released a security update that would block the attack. To install this security update, you can go to the Settings app, then General, then Software Update. The latest version of iOS and iPadOS is 15.6.1, while macOS is at 12.5.1.

How did the attack work?

According to Apple, the vulnerability could have been exploited by “processing web content”, meaning accessing a web page that contained malicious code. Any attacker who knew about the vulnerability – and how to exploit it – could, by directing a victim to such a website, execute any code they wanted on the victim’s device.

Usually devices restrict the kinds of code that can run on them to users with certain privilege levels – but this vulnerability allowed code to run with kernel privileges. The kernel is the core part of iOS. It has unrestricted access to all aspects of the operating system – meaning the attacker could have complete control over the victim’s device.

Who was using it to attack people?

Apple said it is aware of a report that the vulnerability may have been actively exploited. However, the company did not provide additional details.

What is the risk to the general public?

In the world of cyber security, the ability to execute code on a victim’s device simply by opening a web page is extremely rare and powerful. As a simple matter of supply and demand, the exploit could have been purchased for a lot of money – and if so, then it would likely have been used to attack a high-value target.

Cyber offensive tools, such as exploits for serious vulnerabilities like this one, don’t last forever. Once the vulnerability is discovered, the software vendor can begin developing a fix for it – and any attempt to exploit the vulnerability risks revealing that it exists. This limited time in which a vulnerability can be exploited also affects the market dynamics for selling, buying and using such tools.
All of this means that before the vulnerability was discovered by Apple – when it was a “zero-day” vulnerability because the vendor had zero days to develop the patch – it likely wouldn’t be used for general targeting. However, now that the vulnerability is publicly known, it could be that criminals are reverse-engineering the security update and targeting members of the public who have not yet updated their devices. This is why it is so important to install the latest security updates.

Who found this issue?

The researcher who reported the vulnerability chose to remain anonymous. There could be any number of reasons why they did this, including simply not wanting the attention the exposure would bring.

It could also possibly be that the researcher works for a company or government organization that was targeted through this vulnerability. If so, disclosing that they knew about the attack – attributing the disclosure to a name associated with the victim – could provide the attacker with some feedback about their offensive operation.

Alternatively, it could be that the vulnerability was reported by a Western government with a vulnerability equities process, such as the UK’s National Cyber Security Centre, part of GCHQ. Security and intelligence agencies may have needed to exploit the vulnerability, but after doing so, they chose to disclose it to Apple so it could be fixed.

There is no evidence for any of the above scenarios; they are offered as a few examples of the different reasons the researcher may have chosen to remain anonymous.