Getting Started with the Cyber and Fraud Centre Threat Intel App
Welcome to the Cyber and Fraud Centre Threat Intelligence app! If you’ve already downloaded the app but are unsure how to begin, this guide is…
Apple Releases Patches for Critical Zero-Day Vulnerabilities
Apple has released security updates for a zero-day vulnerability that affects both the kernel and WebKit (Apple’s web browser engine that powers Safari) iOS devices and could allow an attacker to execute code remotely. Tracked as CVE-2022-32893 and CVE-2022-32894, this vulnerability affects almost all newer iOS products. Apple has warned that “this issue may have been actively exploited” in a security advisory released alongside the update.
As this vulnerability affects the engine used in Apple’s Safari browser, attackers can use malicious websites to gain kernel-level access to a vulnerable system, allowing them to take full control of a device at an administrator level. Security experts have warned that a successful exploit could allow a hacker to spy on, download and start apps, access all device data, activate the camera and microphone, and track your browser and location data, among countless other possibilities.
Preventions:
Update all Apple devices as soon as possible. For iPhones or iPads, you can do this by going to Settings > General > Software Update, and on Macs, you can do this by going to the Apple menu > About this Mac > Software Update.
Affected Systems:
iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), macOS Monterey, macOS Big Sur, and macOS Catalina.
Related Links:
https://support.apple.com/en-gb/HT213412 – Published August 17th
https://support.apple.com/en-us/HT213413 – Published August 17th
https://www.bleepingcomputer.com/news/security/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs/ – Published August 16th
https://www.bleepingcomputer.com/news/security/apple-releases-safari-1561-to-fix-zero-day-bug-used-in-attacks/ – Published August 18th
https://nakedsecurity.sophos.com/2022/08/18/apple-patches-double-zero-day-in-browser-and-kernel-update-now/ – Published August 18th
https://www.bbc.co.uk/news/technology-62602909 – Published August 19th
Related articles
App set to give users real-time cyber alerts launches this CyberScotland Week
This CyberScotland Week the nation’s leading institution for building cyber resilience, the Cyber and Fraud Centre – Scotland, is unveiling a new app which will…
Cyber and Fraud Centre – Scotland set to share cyber security knowledge in the capital during CyberScotland week
Cyber and Fraud Centre will host three free events as part of CyberScotland Week in Edinburgh on the 29th of February and 7th March, 14th…