Apple has just released another security update for iOS, iPadOS, macOS, and watchOS to patch three zero-day vulnerabilities
As reported by thehackernews, there are some vulnerabilities that need to be addressed. Firstly, the Security framework has a loophole, which means a harmful app can get past signature validation. Secondly, there’s a security flaw in the Kernel, enabling attackers to escalate their privileges locally. Lastly, a glitch in WebKit could potentially lead to executing malicious code when handling specific web content
In a recent update, Apple has addressed a security issue in iOS and other operating systems. Though Apple didn’t provide many specific details, they did mention that the problem might have been exploited in versions of iOS prior to iOS 16.7. Users are urged to update their devices to the latest versions to ensure their safety. The updates are available for various devices, including iPhone 8 and later, iPad Pro, iPad Air, iPad, and iPad mini. For newer devices, iOS 17.0.1 and iPadOS 17.0.1 are recommended. In addition, macOS Monterey 12.7 and macOS Ventura 13.6, watchOS 9.6.3 and 10.0.1 for Apple Watch Series 4 and later, and Safari 16.6.1 for macOS Big Sur and macOS Monterey also receive necessary updates. It’s crucial for users to stay vigilant against potential security breaches and keep their devices up to date to protect their personal information.
Researchers from Toronto’s Munk School and Google’s Threat Analysis Group have discovered potential spyware abuses targeting at-risk individuals. Apple recently addressed two zero-day vulnerabilities in their iMessage system, including a chain named BLASTPASS that deployed the Pegasus spyware. Additionally, Google and Mozilla released fixes for a security flaw that allowed arbitrary code execution when handling specific images. It’s possible that these vulnerabilities are related, according to a former Google researcher. Analysis revealed that the affected library, libwebp, is used in various systems and applications, expanding the vulnerability’s reach. Fortunately, the bug has been patched, but it may take some time to fully deploy the updates to all the affected platforms.