A serious vulnerability has been discovered in Apple’s operating system, which could compromise the security of users’ crypto assets, according to lasted post by Kapersky. Attackers can gain root privileges and execute code with operating system core permissions, allowing them to escape from the sandbox and potentially do almost anything with the infected device. These two vulnerabilities can be used in combination to penetrate the device, and not only the latest generations of Apple’s operating systems but also previous versions are vulnerable.
The first vulnerability is named CVE-2023-28205 and concerns the WebKit engine, which is the basis of the Safari browser and is also used when web pages are opened from any other application. The second vulnerability, CVE-2023-28206, was discovered in the IOSurfaceAccelerator object. Both vulnerabilities have a threat level of “high” and can be found in macOS desktop operating systems and mobile ones, including iOS, iPadOS, and tvOS.
The WebKit engine is the only browser engine allowed on Apple’s mobile operating systems, and vulnerabilities in WebKit make possible the “zero-click” infection of an iPhone, iPad, or Mac. This means the device is infected without any active action by the user. It’s essential to promptly install any new updates related to Safari, even if you mainly use a different browser such as Google Chrome or Mozilla Firefox.
Apple has released updates for a whole range of systems, including macOS 11, 12 and 13, iOS/iPadOS 15 and 16, and also tvOS 16, to combat these vulnerabilities. However, it’s important to note that since the vulnerabilities have become public knowledge, other cybercriminals are likely to start exploiting them too. As usual, Apple is not releasing any details, but by all accounts, the chain of vulnerabilities described above is already being actively used by unknown attackers to install spyware.
To protect against these vulnerabilities, users should promptly install the new Apple updates, depending on the device in question. If your device no longer supports the latest OS, then you must update to the latest version available for your device. Additionally, it’s recommended to protect your Mac with reliable antivirus software that can protect you against new vulnerabilities that haven’t been fixed yet.
Read more:
- Hillary Clinton Cautions That Bitcoin Could Potentially Undermine The Role Of The Dollar And Destabilize The Country
- Montana’s “Right To Mine” Cryptocurrencies Bill Passes House Of Representatives