Monday, December 4, 2023
HomeAppleIf you haven't updated your Apple devices this week, go do it...
Apple

If you haven’t updated your Apple devices this week, go do it now

Preshew
By Preshew
0
46

All attention might be on iOS 17 and macOS Sonoma, but Apple hasn’t stopped working on its current crop of operating systems. And if you’re not running the betas, you need to know that Apple just shipped a slew of updates to fix some critical security holes.

In all, Apple pushed 10 updates on Wednesday: iOS 16.5.1 and iPadOS 16.5.1; iOS 15.7.7 and iPadOS 15.7.7; macOS Ventura 13.4.1, macOS Monterey 12.6.7, and macOS Big Sur 11.7.8; Safari 16.5.1; and watchOS 9.5.2 and watchOS 8.8.1. That covers more than a decade of devices going back to 2013 and includes the iPhone 6s, Apple Watch Series 3, and the original 12-inch MacBook.

All of the OS updates fix the same vulnerability:

Kernel

  • Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
  • Description: An integer overflow was addressed with improved input validation.
  • CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky

According to The Register and Hacker News, this update fixes the flaw exploited by the “Operation Triangulation” campaign that was able to use iMessage to deliver a “malicious attachment” that then transmitted sensitive information including audio recordings, photos, and geolocation data. The exploit, dubbed TriangleDB is known to have been exploited in versions of iOS earlier than 15.7, but the flaw can be found in all of Apple’s devices.

Additionally, the iOS, iPadOS, and macOS Ventura updates, as well as Safari 16.5.1 for Big Sur and Monterey, include a fix for a WebKit flaw that also may have been exploited:

WebKit

  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  • Description: A type confusion issue was addressed with improved checks.
    CVE-2023-32439: an anonymous researcher (WebKit Bugzilla: 256567)

None of the updates include any other security patches. However, the iOS 16.5.1 release notes say it includes a fix for an issue that prevents charging with the Lightning to USB 3 Camera Adapter.

Previous article
How Technology Is Changing Hospital Facility Management as We Know It
Next article
Join Azure Databricks customers at Data + AI Summit 2023
Preshew
Preshewhttp://upgradenewsusa.com
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Load more

Recent Comments

Beatrice on TikTok Starts to Replace Traditional News Websites Among Younger Demographics / Digital Information World
https://www.wexcams.com on TikTok Starts to Replace Traditional News Websites Among Younger Demographics / Digital Information World
Technology_ztPt on Best Drones for Golf Courses – Droneblog
Ulysses Wilde on Galaxy SmartTag 2 certification reveals a connectivity upgrade
GLORY_ydei on Best Drones for Golf Courses – Droneblog
aspor.ua on TikTok Starts to Replace Traditional News Websites Among Younger Demographics / Digital Information World
konoha69 on Meta reportedly making LLaMA commercially available, despite lawmaker inquiries
big ass on Home

ABOUT US

Upgradenewsusa is our tech news website! We cover a wide range of topics, including artificial intelligence, cybersecurity, software, and everything in between. We are dedicated to keeping our readers up-to-date with the latest and most interesting tech news from around the world.

POPULAR POSTS

POPULAR CATEGORY

Copyright 2023 © upgradenewsusa.com. All rights reserved.