No sooner had we written about vulnerabilities in both Apple and Microsoft operating systems, as well as in Samsung Exynos chips, allowing the hacking of smartphones without any action on the part of their owner, than news broke about a couple of very serious security holes in both iOS and macOS - besides the ones that attackers were already exploiting. The vulnerabilities are so critical that, to combat them, Apple rapidly released updates not only for the latest operating systems, but also for several previous versions. But let’s take it step by step…

Vulnerabilities in WebKit and IOSurfaceAccelerator

In total, two vulnerabilities were discovered. The first one - named CVE-2023-28205 (threat level: “high”) - concerns the WebKit engine, which is the basis of the Safari browser (and not only that; more details below). The essence of this vulnerability is that, using a specially made malicious page, the bad guys can execute arbitrary code on a device.

The second vulnerability - CVE-2023-28206 (threat level “high”) - was discovered in the IOSurfaceAccelerator object. Attackers can use it to execute code with operating system core permissions. Thus, these two vulnerabilities can be used in combination: the first serves to initially penetrate the device so that the second can be exploited. The second, in turn, allows you to “escape from the sandbox” and do almost anything with the infected device.

The vulnerabilities can be found in both macOS desktop operating systems and mobile ones: iOS, iPadOS and tvOS. Not only are the latest generations of these operating systems vulnerable, but previous ones are too, so Apple has released updates (one after the other) for a whole range of systems: macOS 11, 12 and 13, iOS/iPadOS 15 and 16, and also tvOS 16.

The WebKit engine is the only browser engine that’s allowed on Apple’s mobile operating systems.