Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizens lxylizi, South China Wu Yanzu, National Fairy Dad, twinkling clue delivery! CTOnews.com, August 20 (Xinhua)-- Apple released two security reports on Wednesday local time, revealing serious security vulnerabilities in its smartphones, the iPad and iMac computers, according to CCTV. The vulnerability allows hackers to take complete control of these devices.

These vulnerabilities may allow potential attackers to invade the user's device, gain administrative privileges, or even take full control of the device and run applications in it. Apple said it has begun to look for the reasons for the above security vulnerabilities and the corresponding solutions.

According to reports, there is a remote code execution vulnerability (RCE) called CVE-2022-32893 in Apple's HTML rendering engine (WebKit), through which hackers can deceive iPhone, iPad and Mac into running unauthorized and untrusted code; while CVE-2022-32893 is an out-of-bounds writing problem in WebKit, so please update your system and browser as soon as possible.

According to the report, the "affected devices" include iPhone 6S and subsequent models, a number of iPad models, iMac computers using the macOS Monterey operating system, and even some iPod. Experts recommend that these devices be updated to the latest version of IOS as soon as possible.

Rachel Tobback, CEO of cyber security company SocialProofSecurity, said the vulnerability could allow attackers to gain "full administrator privileges" on the device, allowing them to impersonate the owner of the device.

"this is what we call a zero-day loophole, because it was exploited by hackers before the company discovered it, but in this case it was Apple." so we don't know who actually exploited this loophole and how it was exploited.

Apple did not say where and when the vulnerabilities were discovered, or by whom, but cited an anonymous researcher in its report.

CTOnews.com learned that this vulnerability was fixed in iOS 15.6.1 and iPadOS 15.6.1 on August 17. Please install the update as soon as possible. The latest version is available:

The latest version of iOS and iPadOS is 15.6.1. Learn how to update software on iPhone, iPad, or iPod touch.

The latest version of macOS is 12.5.1. Learn how to update software on Mac and how to allow important background updates.

The latest version of Apple tvOS is 15.6. Learn how to update the software on Apple TV.

The latest version of watchOS for Apple Watch Series 3 is 8.7.1. The latest version of watchOS for Apple Watch Series 4, Apple Watch Series 5, Apple Watch SE, Apple Watch Series 6, and Apple Watch Series 7 is 8.7.

Kernel

Suitable for: iPhone 6s and newer models, iPad Pro (all models), iPad Air 2 and newer models, iPad (generation 5) and newer models, iPad mini 4 and newer models, and iPod touch (generation 7), and macOS Monterey

Impact: the application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that the problem may have been exploited.

Description: the problem of out-of-bounds writing has been resolved by improving boundary checking.

CVE-2022-32894: an anonymous researcher

WebKit

Suitable for: iPhone 6s and newer models, iPad Pro (all models), iPad Air 2 and newer models, iPad (generation 5) and newer models, iPad mini 4 and newer models, and iPod touch (generation 7), and macOS Monterey

Impact: handling maliciously crafted web content can lead to arbitrary code execution. Apple is aware of reports that the problem may have been exploited.

Description: the problem of out-of-bounds writing has been resolved by improving boundary checking.

WebKit Bugzilla:243557

CVE-2022-32893: an anonymous researcher

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.