That ability could let an application steal passwords, digital verification signatures or all sorts of other secret information that modern operating systems use to keep things locked down.

The second vulnerability is catalogued as CVE-2022-22675 and is a flaw in the AppleAVD media decoder. It could make it possible for an application "to execute arbitrary code with kernel privileges," as Apple phrased it in its security advisory. That's pretty serious, because it's basically God mode - it means an app can do whatever it wants on your Mac, iPhone or iPad.

CVE-2022-22675 also exists on iOS and iPadOS, and was the only vulnerability patched in today's updates on those platforms. Needless to say, it sounds just as severe on mobile devices as it does on Macs.

(CVE stands for "common vulnerabilities and exposures" and is how the U.S. federal government designates information-security problems.)

In both cases, a malicious application has to get on your Mac, iPhone or iPad in the first place to carry out its dirty deeds, but that's not impossible if the app exploits a "zero-day" flaw that Apple isn't aware of until the malware has already been used.

And indeed, both these flaws get the disclaimer: "Apple is aware of a report that this issue may have been actively exploited." In other words, someone has already been using these vulnerabilities to attack Macs, iPhones and/or iPads.

Credit for notifying Apple of both flaws was given to "an anonymous researcher."

Who's behind these attacks?

Apple isn't saying who, but odds are it's some nation-state going after political dissidents or another undesirable group.

China has used iOS flaws in recent years to spy on Uyghur activists, and Middle Eastern petrostates have bought commercial iOS spyware to monitor dissidents and human-rights activists.