Attention Apple Users: Multiple Vulnerabilities in Apple Products | Ron Benvenisti

Overview: Multiple vulnerabilities have been discovered in Apple products. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs or view, change, or delete data.

Threat Intelligence

Apple is aware that threat CVE-2022-22675 is currently being exploited in the wild.

Systems Affected

  • Safari prior to 15.5
  • tvOS prior to 15.5
  • Xcode prior to 13.4
  • macOS Catalina prior to Security Update 2022-004
  • macOS Big Sur prior to 11.6.6
  • macOS Monterey prior to 12.4
  • iOS and iPadOS prior to 15.5
  • watchOS prior to 8.6

Risk

Government:

– Large and medium government entities: High

– Small government entities: Medium

Businesses:

– Large and medium business entities: High

– Small business entities: Medium

Recommendations

Th Multi State Information Sharing and Analysis Center (MS-ISAC) recommends the following actions be taken:

  • Apply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources. Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Block execution of code on a system through application control, or script blocking.
  • Restrict execution of code to a virtual environment on or in transit to an endpoint system.
  • Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc., behavior.
This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].

Stay up to date with our news alerts by following us on Twitter, Instagram and Facebook.

**Click here to join over 20,000 receiving our Whatsapp Status updates!**

**Click here to join the official TLS WhatsApp Community!**

Got a news tip? Email us at [email protected], Text 415-857-2667, or WhatsApp 609-661-8668.

8 COMMENTS

  1. I don’t know if understand technology. Just worried. If I use Chase banking app on an old iPhone (OS is up to date) am I at risk of someone stealing my money? TY

    • Hi Shlomo,

      If your iOS is up to date at 15.5 you’re safe from this vulnerability.

      Make sure you use Two-Factor Authentication on your Chase app (and any other app where there are money transactions or sensitive data, like Amazon, etc.). A VPN app will give you added protection by obscuring your IP address and location while encrypting your data. With a VPN app you can pick your geographical location almost anywhere in the world. Stick to the US unless you like your searches to show up in Swedish, for example!

    • Fauci: “My recommendation is that everyone take the worm vaccine. That way, even if someone does catch the worm, it will feel like nothing more than a mild bug in his system.”

      Interviewer: “Apparently, even Bill Gates is concerned about the worm, and he’s not even an Apple guy! He’s very big into the vaccine!”

      Fauci: “That’s right! Because Bill Gates, with his Microsoft software, has plenty of experience with bugs, which is why he is a big advocate of the worm vaccine.”

      Interviewer: “But Dr. Fauci, a worm is neither a bug or an insect!”

      Fauci: “Well, I am not an Entomologist, so I wouldn’t know about that, but when you’ve had experience with bugs, like Mr. Gates has had with Microsoft, you realize it’s worth it to get the worm vaccine.”

      Interviewer: “Dr. Fauci, thank you for your time. I’m sorry if I’m bugging you too much.”

      Fauci: “No problem at all, I’ve already had the vaccines and the booster, so I’m not concerned about the bugs. Moreover, I’m so used to being bugged all day, that I’m already immune to it.”

      Interviewer: “Thanx, Dr. Fauci. Next up, we’ll be discussing a brand new procedure that can permanently implant a facemask on your face. Don’t go away. We’ll be back in a few minutes.”

      Fauci: “Can I go?”

      Interviewer: “Of course you can.”

Comments are closed.


© Copyright | The Lakewood Scoop. All Rights Reserved