Apple warns of 3 new vulnerabilities affecting iPhone, Mac and iPad

Merouan Goumiri

February 25, 2023 at 5:30 p.m.


iPhone 5c © Shutterstock

© Shutterstock

Owners of iPhone, Mac and iPad, caution: vulnerabilities have recently been discovered in Apple operating systems.

So make sure you have the latest version of the system installed on your device.

New vulnerabilities detected on iOS, iPadOS and macOS

On January 23, Apple released patches to iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2. The main objective of the latter was then to correct medium and critical vulnerabilities within the various operating systems concerned. Last week, we invited you to update your Apple devices as soon as possible following a previous severe security breach.

Recently, the Apple brand updated its website by integrating three new vulnerabilities freshly identified in iOS, iPadOS and macOS. The first of these, named CVE-2023-23520, allows an attacker to read arbitrary files as root. Apple said it fixed the issue with additional validation.

Fearsome flaws, but already corrected by Apple

The discovery of the other two vulnerabilities, namely CVE-2023-23530 and CVE-2023-23531, is to Austin Emmitt, vulnerability researcher at Trelix. As often, the latter can allow an application to execute arbitrary code with elevated privileges. A malicious person could then take advantage of these vulnerabilities to exploit malicious code, and thus access various applications on your device such as Photos, Messages or Calendar. Your location data, your microphone as well as your call history could also be exploited.

According to Emmitt, whose remarks are reported to us by the site The Hacker NewsThese vulnerabilities represent a significant violation of the macOS and iOS security model, which relies on individual apps having precise access to the subset of resources they need and querying higher-privilege services to get everything. stay “. Either way, if you’ve installed the latest security patches released by Apple, you can rest easy. These have indeed been corrected with the latest versions of the operating systems published.

Source : The Hacker News

Source link -99