
Cyber Security – It’s Everyone’s Responsibility, Especially at the Top
If there’s one message I want to hammer home, it’s this – cyber security is not just an IT issue. Yet, in many public and…
Apple has released security updates for a zero-day vulnerability that affects both the kernel and WebKit (Apple’s web browser engine that powers Safari) iOS devices and could allow an attacker to execute code remotely. Tracked as CVE-2022-32893 and CVE-2022-32894, this vulnerability affects almost all newer iOS products. Apple has warned that “this issue may have been actively exploited” in a security advisory released alongside the update.
As this vulnerability affects the engine used in Apple’s Safari browser, attackers can use malicious websites to gain kernel-level access to a vulnerable system, allowing them to take full control of a device at an administrator level. Security experts have warned that a successful exploit could allow a hacker to spy on, download and start apps, access all device data, activate the camera and microphone, and track your browser and location data, among countless other possibilities.
Preventions:
Update all Apple devices as soon as possible. For iPhones or iPads, you can do this by going to Settings > General > Software Update, and on Macs, you can do this by going to the Apple menu > About this Mac > Software Update.
Affected Systems:
iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), macOS Monterey, macOS Big Sur, and macOS Catalina.
Related Links:
https://support.apple.com/en-gb/HT213412 – Published August 17th
https://support.apple.com/en-us/HT213413 – Published August 17th
https://www.bleepingcomputer.com/news/security/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs/ – Published August 16th
https://www.bleepingcomputer.com/news/security/apple-releases-safari-1561-to-fix-zero-day-bug-used-in-attacks/ – Published August 18th
https://nakedsecurity.sophos.com/2022/08/18/apple-patches-double-zero-day-in-browser-and-kernel-update-now/ – Published August 18th
https://www.bbc.co.uk/news/technology-62602909 – Published August 19th