|
Privacy experts have uncovered two more Apple bugs in less than 10 days since the tech giant found others interfering with iOS 16.
The latest discovery allows cybercriminals to bypass security measures and run malicious code to access users’ pictures and messages, as well as the address book and calendar.
There are several ways to protect your personal information from hackers lurking in the shadows, such as using only trusted apps in the App Store and not opening messages from unknown users.
Apple recently added new vulnerabilities on the product’s security update page, urging users to download iOS 16.3.1 to fix the issues.
More Apple vulnerabilities found. They allow attackers to gain access to personal information such as photos, messages, and calendars.
Privacy experts at VPN Overview shared news about vulnerabilities CVE-2023-23520 and CVE-2023-23531 that allow attackers to bypass this cryptographic signature process and run malicious code from the security sandbox.
VPNOverview’s Christopher Bulvstein said in a statement: “Apple has strict restrictions on what software can run on devices. Android, alternatively, allows you to download third-party apps, which is why we usually see more Android malware.
“Part of these security measures include “signing” all applications with an Apple developer certificate.
“Apps are also limited in what they can do — they are effectively in their own sandbox.
These vulnerabilities allow cybercriminals to gain access to calendars, addresses, photos, videos, and saved files.
Hackers could potentially spy on users using their own audio or video capabilities.
VPNOverview has shared tips on how to protect your personal information.
Tips include using only trusted apps because there are instances where they collect more data than they should.
Apple and security experts are urging users to update their iPhones to prevent hackers from stealing their personal information.
One of the tips to keep your device safe is not to trust unknown devices when you connect your iPhone.
The other is to not trust unknown devices when you connect your iPhone.
When you connect your smartphone to your computer to charge, a notification pops up on the screen and asks if you should trust the device – always select “not allow”.
VPNOverview also urges users not to click on likes or open messages from unknown senders, and to update their devices to the latest version of the operating system.
Previous vulnerabilities discovered earlier this month have been added to the list of National Security alerts.
One of the problems is related to Webkit, the Safari browser engine that allowed attackers to execute arbitrary code on the iPhone, and the National Security Service believes that it could have been hacked.
A second security flaw in the kernel could allow an attacker to gain privileges, but the tech giant doesn’t know it was exploited.
It’s unclear how long the vulnerabilities have plagued devices.
Apple says it “does not disclose, discuss, or confirm security issues until an investigation is completed and patches or releases are available.”
Apple’s release notes reveal that the iOS 16.3.1 update also includes several bug fixes, fixes for iCloud and Siri issues, and additional crash detection optimizations.
The initial release of iOS 16.3 was released in June, allowing users to make silent calls with Emergency SOS and provides improved two-factor security and advanced data protection.
Apple Emergency SOS has been updated to make silent calls if you enable the feature via the slider (useful in situations where an intruder may be present).
This is the option you turn on so that when you make an SOS call via the SOS emergency service, the phone does not blink or start a countdown.