This week, Apple published operating system updates for iPhones, iPads, and Macs that aim to close two critical security holes that may allow hackers to seize total control of the device. Rajeev Chandrasekhar, Minister of state for Electronics and IT, tweeted on Friday morning, August 19, “Update your iPhones with 15.6.1 to avoid zero-day exploit vulnerabilities @IndianCERT @GoI MeitY.” In response to two active zero-day attacks, Apple provides security updates for iOS, iPadOS, and macOS.
According to the Apple website’s security update report, an application might be able to run any arbitrary code with “kernel” access. The heart of an operating system’s code is called the kernel. If a hacker were to gain access to this, they may have complete control over both the hardware and software of a target device.
The WebKit, the engine that drives Apple’s Safari web browser and other apps, was the subject of the second bug. According to Apple, the WebKit problem might be used against users if they view or execute “maliciously generated online content [that] may result in arbitrary code execution” on a susceptible device.
These are essentially flaws in a certain piece of software that not even the creator is aware of. A zero-day vulnerability is only discovered when it is used in an attack or when businesses find it and patch it. Zero-day vulnerabilities in Apple’s iMessage and WhatsApp have already been exploited to install spyware programmes. Zero-day vulnerabilities were also utilised by the spyware called Pegasus, created by the Israeli business NSO Group.
Affected devices include every iPhone model up to and including the iPhone 6S, every iPad Pro model, every iPad Air 2 and later model, every iPad 5th generation and later, every iPad mini 4 and later model, and every iPod touch 7th generation. The Macs running macOS Monterey, as well as the Safari web browser offered by Apple for macOS Big Sur and macOS Catalina, need to be updated among the computing devices.
The most recent software and OS updates that Apple has released are strongly advised for these devices right away.
TechCrunch claims that certain effective exploits, like those of the NSO Group’s Pegasus, combine two or more vulnerabilities to bypass a device’s defences. Attackers frequently leverage a flaw in the device’s browser as an initial point of entry into the operating system, giving them full access to the user’s private information.
Hardware and software To keep devices up to date with the most recent security flaws and vulnerabilities, OEMs frequently make software upgrades. As soon as a new version becomes available, it is advised to continually updating devices.
