Wu Blockchain warned Apple crypto users that operating system vulnerabilities could expose them to attackers. Linking an article from Kaspersky, it was noted that these are “high threat” vulnerabilities applicable to iOS and macOS.
Given the severity of the threat, Apple responded immediately with updates to patch its latest operating systems and “several previous versions.”
A deep dive by Kaspersky revealed the first vulnerability, labeled “CVE-2023-28205,” relates to the development architecture of the company’s Safari web browser. If exploited, bad actors could execute arbitrary code on the device.
Vulnerability “CVE-2023-28206” enables attackers to execute code with the operating system’s core permissions. When both vulnerabilities are exploited together, gaining access to the device and bypassing security partitions to obtain full access is possible.
Kaspersky pointed out that Safari architecture renders all webpages on Apple’s mobile devices, regardless of whether a different browser is used. Moreover, such is the browser architecture that “zero-click” infection is possible.
The firm recommends installing the newest Apple updates – for those on the latest iOS, iPadOS, or tvOS devices, this would be version 16.4.1. Older iPhones and iPads no longer supported should ensure the device runs version 15.7.5.
All Comments