Pointers at Glance
- In the month of August, there were many security patches across the firms.
- Apple is one of the firms that fixed a severe iOS security flaw. It is good to update the devices without any delay.
Apple, Microsoft, and Google firms issued emergency fixes for already exploited vulnerabilities. In the month of August, some big fixes were also seen from the likes of VMWare, IBM, Cisco, and Zimbra.
Here are the details about the security flaw fixed by Apple in the month of August, which is one of the vital security flaws.
Apple released an emergency security update in August with iOS 15.6.1 after a two-month patch hiatus, followed by multiple fixes in July. The iOS update fixed two issues, both of which were being used by attackers in the wild.
It is thought that the vulnerabilities in WebKit (CVE-2022-32893) and the Kernel (CVE-2022-32894) were being chained together in attacks with severe consequences. A successful attack could allow an adversary to take control of an iPhone and access sensitive files and banking details.
Paul Ducklin, a principal research scientist at Sophos, wrote in a blog analyzing the vulnerabilities that combining the two flaws typically provides all the functionality needed to mount a device jailbreak, bypassing almost all Apple-imposed security restrictions. He explained that this would potentially allow adversaries to install background spyware and keep you under comprehensive surveillance.
Apple mostly avoids sharing details about vulnerabilities until most people have updated. Hence, it is hard to know who the attack targets were. Users should update their devices to iOS 15.6.1 without delay to ensure they are safe.
Apple also released watchOS 8.7.1, iPadOS 15.6.1, and macOS Monterey 12.5.1, all of which users should update at the next opportunity.
Also Read: Apple Ipod The End of an Era