Too little, too late?

Apple says that it is aware of reports that three macOS and tvOS zero-day vulnerabilities (CVEs 2021-30663, 3063) "may have been actively exploited." In other words, those are "zero-day" flaws in that they're exploited by attackers before the defenders are able to deliver a fix. Apple lists six fixes to WebKit in iOS 14.6 to prevent these attacks, plus to stop "maliciously crafted web content" for universal cross-site scripting.

Apple's watchOS and tvOS also received security updates to fix many of the same issues. iPhones and iPads could be compromised by these malicious web pages to pinch details and sensitive info. Bug hunters identified seven vulnerabilities in the browser engine, "including two that would allow arbitrary code execution," according to The Register. Here, hackers can steal your internet cookies and sessions in Safari, effectively giving them an inroad for a full account hijacking. The vulnerabilities hinge on cross-site scripting attacks against iPhone users. WebKit is the engine behind Apple's Safari browser and is no stranger to bad press, having already been seriously scrutinized for security vulnerabilities earlier this year.

iOS 14.6: WebKit updates

Back in the limelight once again is our old friend, WebKit. You can grab the latest macOS Big Sur update from the Mac App Store. The weakness has reportedly been patched in the latest version of macOS Big Sur 11.4, which was released on Monday (May 24). It's a pretty darn serious vulnerability, not least because it's one that could be exploited to gain unauthorized access to users' files, but because it can record video and audio direct from the victims' computers while hijacking other apps' permissions. "The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user's explicit consent," according to the Jamf researchers.
In sidestepping this protection, the XCSSET malware is able to circumvent the safeguards to users' privacy. (macOS 10.15 Catalina and 10.14 Mojave got patches as well.)

Chief amongst the security issues facing macOS is a nasty strain of malware that secretly takes screenshots of users' Macs, making the need to get your system updated even more urgent.

During research into the XCSSET malware, initially discovered back in August 2020, cybersecurity firm Jamf discovered that a macOS zero-day exploit (CVE-2021-30713) was used by XCSSET to bypass Apple's Transparency, Consent, and Control protections.

Abbreviated to TCC, this feature sounds the virtual alarm when an app is behaving in a way that could threaten users' privacy like, say, taking photos or logging keystrokes. Some of the same flaws are fixed in macOS Big Sur 11.4, which sees 58 flaws patched by Apple's count. Apple counts 38 different flaws being fixed in iOS 14.6 and iPadOS 14.6, with some flaws having more than one Common Vulnerabilities and Exposures (CVE) reference number.