Apple vulnerabilities make it to Homeland Security’s warning list: Agency urges users to update iPhones, iPads and Macs before attackers take control of devices
- Apple rolled out an updated iOS Monday to fix two security flaws
- Homeland Security has now placed the threats on its warning list
- The update comes just months after Apple released its iOS 16
Apple rolled out a new iOS 16 update this week to patch two vulnerabilities in its system – and the flaws are now on the Homeland Security warning list.
The government group released a statement urging users to update to iOS 16.3.1, as attackers can ‘exploit these vulnerabilities to take control of an affected device.’
The update is for all Apple devices – the iPhone, Mac and iPad.
One of the issues is in WebKit, a Safari browser engine, and allowed bad actors to execute arbitrary code on an iPhone; Homeland Security believes it may have been exploited.
The second security flaw, in Kernel, could allow an attacker to take over privileges, but the tech giant is unaware of this having been used.
Apple rolled out the update on Monday, noting that it patches the issues and that there are reports of the flaw in WebKit being exploited.
The flaw found in WebKit was detected by an anonymous researcher and the one in Kernel was spotted by Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero.
Apple also notes that The Citizen Lab at The University of Toronto’s Munk School assisted with finding these security issues.
It is unclear how long the vulnerabilities have been plaguing devices, as Apple says it ‘doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.’
Apple’s release notes show that the iOS 16.3.1 update also includes multiple bug fixes, addressing issues with iCloud and Siri, along with more Crash Detection optimizations.
The initial release of iOS 16.3 was in June, which allows users to call silently with Emergency SOS and provides improved two-factor security and advanced data protection.
Apple’s Emergency SOS service was upgraded to silently make calls if you enable the function via a slider option (useful in situations where an attacker might be present).
It is an option you enable so that when you make an SOS call via the Emergency SOS service, the phone will not flash or make a countdown.
The Emergency SOS service has also been tweaked to reduce the chance of accidentally triggering it.
The improved two-factor security allows users to secure their Apple ID and iCloud account with Security keys – a physical device that works as the second layer of two-factor authentication.
Instead of getting a code from another logged-in Apple device, you generate one with the security key.
And the advanced data protection enables end-to-end encryption for data in iCloud, including Messages, device backups and photos.
To install the new iOS, users can go to the Settings App, click on ‘General’ and then ‘Software Update.’
Then tap ‘Install’ if the iOS 16.3.1 update is available to download, and you will be guided through steps to verify the decision and reboot the device.
The update can also be installed through a Mac or Windows computer with iTunes.
It is a good idea to back up the iPhone before installing iOS 16 to ensure all data is secure in iCloud if anything goes wrong while updating.
This can be done by going into the Settings app, clicking the device owner’s name at the top of the menu, then clicking ‘iCloud’ and ‘iCloud Backup.’
When ‘iCloud Backup’ is set to on, tapping ‘Back Up Now’ will guide you through the back-up process and enable you to restore the device’s data at a later date.