Ransomware-as-a-Service: The Growing Threat
December 9, 2023
China Tightens Grip on Data Security with Color-Coded Alert System
December 18, 2023
On Monday, Apple released crucial security updates for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser. These updates address multiple security vulnerabilities, including backporting fixes for two recently disclosed zero-days to older devices.
What Devices Are Affected?
- iOS and iPadOS: 12 vulnerabilities affecting AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari Private Browsing, and WebKit.
- macOS Sonoma 14.2: 39 vulnerabilities, including six impacting the ncurses library.
- Safari 17.2: Two WebKit vulnerabilities (CVE-2023-42890 and CVE-2023-42883) leading to potential arbitrary code execution and DoS attacks.
- iOS 17.2 and iPadOS 17.2: Siri bug allowing data access, Contact Key Verification for iMessage privacy, and fixes for several other vulnerabilities.
- iOS 16.7.3 and iPadOS 16.7.3: Eight security issues, including two actively exploited WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917).
- Critical Flaws Patched:
- CVE-2023-45866: Bluetooth vulnerability allowing attackers to inject keystrokes by spoofing a keyboard.
- CVE-2023-42890 and CVE-2023-42883: WebKit vulnerabilities leading to potential arbitrary code execution and DoS attacks.
Why Update?
It is crucial to update your devices to the latest versions as soon as possible to address these security vulnerabilities and protect your data. Hackers may exploit these vulnerabilities to gain access to your personal information, steal your money, or install malware on your device.
How to Update:
- iOS and iPadOS: Go to Settings > General > Software Update.
- macOS: Go to System Preferences > Software Update.
- tvOS: Go to Settings > General > Software Updates.
- watchOS: Open the Watch app on your iPhone, go to General > Software Update.
- Safari: Go to Safari > Preferences > Advanced and check the "Install updates automatically" box.
Additional Information:
- Apple has released a technical explainer on Contact Key Verification: https://support.apple.com/guide/iphone/use-contact-key-verification-iph654dd8c53/ios
- No additional details are available yet about the actively exploited WebKit vulnerabilities.
Stay Informed:
Follow Apple's security updates page for the latest information: https://support.apple.com/en-us/HT201222
By updating your devices and staying informed, you can help protect yourself from cyberattacks.
