1. Home
  2. Security
  3. Apple Fixes Old iPhone Zero-Day Security Flaw - Update Now
Apple Fixes Old iPhone Zero-Day Security Flaw - Update Now

Apple Fixes Old iPhone Zero-Day Security Flaw - Update Now

If you have an older iOS device like the iPhone 6 or iPad Air, we recommend downloading Apple's latest update, iOS 1254

Apple's security information says that this update squashes two serious security flaws related to the Safari browser, more specifically the page rendering engine that runs it, called WebKit Both flaws are considered "zero-day" flaws because they may have already been exploited, ie, used by hackers to attack iPhone users

The first zero-day flaw, listed as CVE-2021-30761, involves a memory corruption issue in WebKit; the second, CVE-2021-30762, allows malicious code to enter WebKit's memory space after WebKit has freed memory This is a "use after free" bug in information security terms

Both flaws were discovered by "anonymous researchers," Apple said, and both allow "maliciously crafted web content" to execute code on iOS devices In other words, the flaw could allow a poisoned website to install and execute malware on an iPhone This flaw appears to be specific to iOS 12

The third flaw, CVE-2021-30737, contains a memory corruption issue in ASN1 (software used to encrypt and decrypt secure communications), although it does not appear to be used in active attacks

The same flaw was discovered by "xerub" and fixed in new iPhones with iOS 146 in May Attackers can use this flaw to force an iOS device to load and execute malware after reading a maliciously created security certificate

Apple has patched these flaws for all devices running iOS 12, including the iPhone 5s (released in 2013), iPhone 6 and iPhone 6 Plus (both released in 2014) These devices were not upgraded to iOS 13, so they remain point releases of iOS 12

Apple continues to push security updates for older devices, keeping them secure even if they are denied more modern features It would be hard to find an 8-year-old Android phone that still offers security updates

Nevertheless, millions of people could be affected by these flaws Maybe they still use an old iPhone, or maybe they have an old device lying around that they use occasionally; that old iPad they use for YouTube, or that old iPhone they gave their child, could be vulnerable

To update your iOS device, head to the settings menu, look for "General" and tap "Software Update," which will find a new patch and download it for you You may want to make sure you've made a full backup of your device first, just in case

Source: https://www.tomsguide.com/news/apple-fixes-zero-day-security-flaws-on-older-iphones-update-now

Categories

Comments

There is no comments

About Us

Do you like technology and are you geek? Then, this is your magazine!

Navigation

Copyright © 2024 LivesTeching - F43