Apple Devices under attack — Update your Mac, iPhone, iPad, and Apple Watch now

On Monday, May 3, Apple distributed emergency patches to macOS, iPadOS, watchOS, and two different versions of iOS that fix four flaws in WebKit, the rendering engine for the Safari web browser.

Macs are now on macOS Big Sur 11.3.1. Apple Watch is on watchOS 7.4.1. New iPhones and iPads will be on iOS/iPadOS 14.5.1, while older iPhones and iPads (dating back to the 2013 iPhone 5s, iPad Air, and iPad mini 2) will be on iOS 12.5.3.

Install these updates when they arrive. For each flaw, the company states that "Apple is aware of reports that this issue may have been actively exploited".

In each case, Apple states that "processing maliciously crafted web content may result in the execution of arbitrary code". In layman's terms, a web page could be created to remotely hack a Mac, iPhone, iPad, or Apple Watch.

Three of the four flaws, assigned catalog numbers CVE-2021-30661, 30665, and 30666, are attributed to Chinese researchers Yang Kang (aka "@dnpushme"), "zerokeeper" and Bian Liang. Apple lists their affiliation as "360 ATA" and they may be part of the Qihoo 360 group; all three defects involved improper handling of memory during execution.

The fourth vulnerability, CVE-2021-30663, is attributed to an "anonymous researcher". The flaw is described only as an "integer overflow".

The iOS 12.5.3 update patches all four flaws. The other update patches only CVE-2021-30663 and 30665, while the other two flaws were probably fixed in a previous system update.

Apple usually reveals few details about security flaws until after most users have installed the fixes.

Apple has been busy on the information security front in recent weeks. Last week, the company released macOS 11.3, which, like the one reported today, fixes a very serious flaw that had already been exploited by hackers. Like the four flaws disclosed today, this is understood to be a "zero-day flaw". A zero-day flaw is so called because the defending developer has only zero days to apply the patch before the flaw is exploited.

In early April, German researchers announced that Apple's AirDrop wireless file-sharing protocol could be exploited to leak users' contact information to anyone nearby. The flaw does not appear to have been fixed in today's update.
