![]() ![]() ![]() Download and start additional apps without going through the App StoreĪpple hasn’t said how these bugs were found (other than to credit “an anonymous researcher”), hasn’t said where in the world they’ve been exploited, and hasn’t said who’s using them or for what purpose.Spy on any and all apps currently running.This almost certainly means that the attacker could: …could jump from controlling just a single app on your device to taking over the operating system kernel itself, thus acquiring the sort of “admininstrative superpowers” normally reserved for Apple itself. There’s also a kernel code execution hole dubbed CVE-2022-32894, by which an attacker who has already gained a basic foothold on your Apple device by exploiting the abovementioned WebKit bug… The CVE-2022-32893 vulnerability therefore potentially affects many more apps and system components than just Apple’s own Safari browser, so simply steering clear of Safari can’t be considered a workaround, even on Macs where non-WebKit browsers are allowed. Macs can run versions of Chrome, Chromium, Edge, Firefox and other “non-Safari” browsers with alternative HTML and JavaScript engines (Chromium, for example, uses Blink and V8 Firefox is based on Gecko and SpiderMonkey).īut on iOS and iPadOS, Apple’s App Store rules insist that any software that offers any sort of web browsing functionality must be based on WebKit, including browsers such as Chrome, Firefox and Edge that don’t rely on Apple’s browsing code on any other plaforms where you might use them.Īdditionally, any Mac and iDevice apps with popup windows such as Help or About screens use HTML as their “display language” – a programmatic convenience that is understandably popular with developers.Īpps that do this almost certainly use Apple’s WebView system functions, and WebView is based directly on top of WebKit, so it is therefore affected by any vulnerabilities in WebKit. Remember that WebKit is the part of Apple’s browser engine that sits underneath absolutely all web rendering software on Apple’s mobile devices. Simply put, a cybercriminal could implant malware on your device even if all you did was to view an innocent-looking web page. There’s a remote code execution hole (RCE) dubbed CVE-2022-32893 in Apple’s HTML rendering software (WebKit), by means of which a booby trapped web page can trick iPhones, iPads and Macs into running unauthorised and untrusted software code. Developers and invited users can now try out the beta version of Safari 16 for older macOS versions.Īs for the Safari 15.6.1 update, it is now available via the Software Update menu within the System Preferences app.Apple just pushed out an emergency update for two zero-day bugs that are apparently actively being exploited. Safari 16 will also be available to users of macOS Monterey and macOS Big Sur later this year, once Apple releases macOS Ventura to the public. Other new features in Safari 16 include Shared Tab Group, strong password editing, improved CSS, and Passkeys – a new way to authenticate to websites with Touch ID without having to create a traditional password. This means that websites and web apps can now send notifications to users even when Safari is closed. The new version of Safari addresses one of the main complaints web developers have about Apple’s web browser, which is the lack of web push notifications. With macOS Ventura, which is now available for developers and beta users, Apple has announced Safari 16 with multiple new features. Safari 16 coming soon to older macOS versions Apple is aware of a report that this issue may have been actively exploited.Īpple has attributed the WebKit exploit fix to an anonymous researcher. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Here’s what Apple says about the update on its website:Īvailable for: macOS Big Sur and macOS Catalina However, users with older Macs that are unable to run the latest version of macOS now have access to the same security fixes in Safari. This fix was already available for users who updated their Macs to macOS Monterey 12.5.1. Instead, it fixes an exploit in WebKit (Safari’s web engine) that could lead to arbitrary code execution. ![]() The update doesn’t come with any new features or major changes. And to bring these security enhancements to even more users, the company today released Safari 15.6.1 for Macs running macOS Big Sur and macOS Catalina. Apple this week released iOS 15.6.1 and macOS Monterey 12.5.1, both with security enhancements. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |