Celebrating World Wide Web Day: A Cyber Security Reminder
As we celebrate World Wide Web Day, it’s essential to reflect on how the internet has transformed our lives, connecting us to information, people, and…
Apple Releases Patches for Critical Zero-Day Vulnerabilities
Apple has released security updates for a zero-day vulnerability that affects both the kernel and WebKit (Apple’s web browser engine that powers Safari) iOS devices and could allow an attacker to execute code remotely. Tracked as CVE-2022-32893 and CVE-2022-32894, this vulnerability affects almost all newer iOS products. Apple has warned that “this issue may have been actively exploited” in a security advisory released alongside the update.
As this vulnerability affects the engine used in Apple’s Safari browser, attackers can use malicious websites to gain kernel-level access to a vulnerable system, allowing them to take full control of a device at an administrator level. Security experts have warned that a successful exploit could allow a hacker to spy on, download and start apps, access all device data, activate the camera and microphone, and track your browser and location data, among countless other possibilities.
Preventions:
Update all Apple devices as soon as possible. For iPhones or iPads, you can do this by going to Settings > General > Software Update, and on Macs, you can do this by going to the Apple menu > About this Mac > Software Update.
Affected Systems:
iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), macOS Monterey, macOS Big Sur, and macOS Catalina.
Related Links:
https://support.apple.com/en-gb/HT213412 – Published August 17th
https://support.apple.com/en-us/HT213413 – Published August 17th
https://www.bleepingcomputer.com/news/security/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs/ – Published August 16th
https://www.bleepingcomputer.com/news/security/apple-releases-safari-1561-to-fix-zero-day-bug-used-in-attacks/ – Published August 18th
https://nakedsecurity.sophos.com/2022/08/18/apple-patches-double-zero-day-in-browser-and-kernel-update-now/ – Published August 18th
https://www.bbc.co.uk/news/technology-62602909 – Published August 19th
Related articles
Key insights from Cyber UK 2024: Why this event could enhance your Cybersecurity Strategy
With constant threats, the importance of cybersecurity is greater now than ever. This is why the Cyber and Fraud Centre Scotland is proud to host…
Getting Started with the Cyber and Fraud Centre Threat Intel App
Welcome to the Cyber and Fraud Centre Threat Intelligence app! If you’ve already downloaded the app but are unsure how to begin, this guide is…