The new serious Apple vulnerability allows attackers to compromise Apple devices and take over the operating system. They can then change system security settings, track your location, copy your text messages and browse history, and more. The vulnerability is caused by an unpatched remote code execution hole in Apple’s HTML rendering software. Using booby-trapped web pages, attackers can trick Apple devices into running unauthorised software code.
Pegasus spyware took advantage of a zero-day zero-click exploit
Pegasus spyware takes advantage of a zero-day zero click exploit to install itself on a device without requiring user interaction. It is known to target Android and iOS devices. It also has the ability to infect a phone’s address book. According to the researchers, the spyware can also access SMS messages, call history, calendars, emails, and internet browsing histories. While the NSO denies these claims, it has made a significant investment in developing the spyware and making it difficult to detect. Security researchers have noticed that Pegasus infections often disappear from the device once it is rebooted.
While Pegasus may not pose a major threat to the privacy of the average consumer, it poses a serious threat to human rights defenders and journalists. Despite being sold to governments as “lawful intercept spyware,” it is being used against political dissidents and journalists. In one example, the spyware was used to spy on a Mexican journalist who reported on corruption. Another case involved an international human rights defender in the UAE.
While Pegasus has recently received widespread media attention, zero-day zero-click attacks are not a new threat. Researchers at Citizen Lab, a Canadian internet watchdog, uncovered a zero-day zero-click exploit in the iOS operating system. The vulnerability, known as a buffer flow vulnerability, allowed attackers to install Pegasus malware on the targeted phone without requiring user interaction.
Apple’s HTML rendering software has a remote code execution hole
A zero-day security hole in Apple’s HTML rendering software (WebKit) has been discovered. If exploited, this vulnerability could allow attackers to take control of an Apple device’s kernel. Apple has issued an emergency update to fix the bug.
Attackers with access to an Apple device could change the security settings on the device, take over the operating system, and install malicious software. They could also access information such as your location, text messages, browsing history, and more. The hole affects all web rendering software on Apple’s mobile devices, including Safari.
The problem is caused by bugs in Apple’s WebKit rendering software. The problem affects browsers that use WebKit as a default. If an attacker can successfully trick a user into visiting malicious web pages, they can execute arbitrary code on the device. This hole affects the WebKit engine used by Apple Mail, the App Store, and many other apps. The vulnerability is caused by a memory-corruption issue in WebKit.
Apple did not say how the vulnerabilities were discovered. The company cited an anonymous researcher who had seen the vulnerability but had not yet seen any technical analysis. Security experts recommend updating affected devices. The vulnerability affects iPhone 6S and later models, iPad 5th generation and later, iPad Air 2, Mac computers running MacOS Monterey, and iPod models.
iOS 16 introduces Lock Down Mode to make it harder for hackers to compromise your phone
Apple’s new iOS 16 software introduces a new security feature called Lock Down Mode. This feature makes it much harder for hackers to compromise your phone by blocking certain actions. The idea is to prevent government agencies from compromising your device and spying on your private information. But unfortunately, this new feature has an unintended side effect. In order to turn Lock Down Mode on, you have to enter a passcode.
Lock Down Mode will only be enabled if you want it. If you don’t want to enable this new feature, you can disable it by setting your phone to “suspend all apps.” The new feature won’t affect your phone’s performance. However, it will disable some features. For example, it will prevent you from opening e-mails that contain attachments other than images. Furthermore, it will prevent you from making FaceTime calls to unknown numbers. If you are concerned about your privacy, you can also disable your iPhone from making wired connections while locked.
Lock Down Mode is an important new security feature. This mode prevents hackers from accessing your phone’s system. By preventing access to all but a few specific apps, it makes it much harder for hackers to compromise your phone. The new feature will also make it more difficult for hackers to steal information.