It’s not clear for what reason Apple withheld details of the bug for two weeks. As such, and for those who have not yet updated to iOS 16, Apple also released iOS and iPadOS 15.7.2 to fix the WebKit vulnerability for users running iPhones 6s and later and some iPad models. WebKit bugs can be “chained” to other vulnerabilities to break through multiple layers of a device’s defenses.Īpple said in its Tuesday disclosure that it is aware that the vulnerability was exploited “against versions of iOS released before iOS 15.1,” which was released in October 2021. It’s not uncommon for bad actors to find vulnerabilities that target WebKit as a way to break into the device’s operating system and the user’s private data. WebKit bugs are often exploited when a person visits a malicious domain in their browser (or via the in-app browser). The bug is called a zero-day because the vendor is given zero day’s notice to fix the vulnerability.Īpple said security researchers at Google’s Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug. ago Let me clear your doubt, it’s very bad for security -1 2ksmity 3 mo. On the the other hand a monoculture of iOS devices all running WebKit makes a damn attractive target.
#IOS WEBKIT APP INFREQUENTLYNOTED UPDATE#
In a disclosure to its security updates page on Tuesday, Apple said the update fixed a flaw in WebKit, the browser engine that powers Safari and other apps, which if exploited could allow malicious code to run on the person’s device. WebKit is already one of the largest attack surfaces iOS has to deal with. The update, iOS 16.1.2, landed on November 30 and rolled out to all supported iPhones - including iPhone 8 and later - with unspecified “important security updates.” Although Apple’s April conference or new product release date has not yet been determined, some source have now discovered an interesting thing.
#IOS WEBKIT APP INFREQUENTLYNOTED SOFTWARE#
Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited. apple ios webkit app infrequentlynoted code 9to5mac discovered the unannounced names of the two next-generation Apple systems, iOS 15 and macOS 12, in the code of Apple’s open-source WebKit engine.
0 kommentar(er)
