January 29, 2023

IT House, August 20: According to CCTV reports, US-based Apple Inc. released two security reports on Wednesday local time, revealing that the company's iPhone smartphones, iPad tablets, iMac computers and other products have serious security vulnerabilities. The flaws could give hackers full control over these devices.

These vulnerabilities could allow a potential attacker to hack into a user's device, gain administrative privileges or even take full control of the device and run applications within it. Apple said it has begun looking into the causes of these security flaws and corresponding solutions.

According to reports, a remote code execution (RCE) vulnerability, CVE-2022-32893, exists in Apple's HTML rendering engine (WebKit), through which hackers can trick iPhones, iPads and Macs into running unauthorized and untrusted code. CVE-2022-32893 is an out-of-bounds write issue in WebKit, so please update your system and browser as soon as possible.

According to the report, "affected devices" include iPhone 6S and later models, several iPad models, iMac computers running the macOS Monterey operating system, and even some iPods. Experts recommend updating these devices to the latest version of iOS as soon as possible.

Rachel Tobac, CEO of cybersecurity firm SocialProof Security, said the flaw could give attackers "full administrator rights" to a device, allowing them to impersonate the device's owner.

"It's what we call a zero-day because it was exploited by hackers before the company knew about it, just in this case Apple." So at the moment we don't know who actually exploited this vulnerability and how it was exploited.

Apple did not say where, when or by whom the vulnerabilities were discovered, other than citing an anonymous researcher in its report.

IT Home has learned that this vulnerability was fixed in iOS 15.6.1 and iPadOS 15.6.1 on August 17; please install the update as soon as possible.

Kernel

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad (5th generation) and later, iPad mini 4 and later, and iPod touch (7th generation), and macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that this issue may have been exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32894: An anonymous researcher

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad (5th generation) and later, iPad mini 4 and later, and iPod touch (7th generation), and macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of reports that this issue may have been exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

WebKit Bugzilla: 243557

CVE-2022-32893: An anonymous researcher