Authored by Tom Ozimek via The Epoch Times
Apple has released urgent security updates for its iOS and other operating systems to patch against vulnerabilities that both the tech giant and U.S. cybersecurity officials warned could be actively exploited by hackers.
Apple’s security updates patch gaps in operating systems for the iPhone, iPad, and Mac products, as well as its Safari web browser, according to a series of security-related announcements on Nov. 19.
Specifically, the software updates target iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1, macOS Sequoia 15.1.1, Safari 18.1, and Safari 18.1.1.
Apple noted that in all the above-listed cases, the patches fix two significant vulnerabilities in WebKit and JavaScriptCore. These vulnerabilities, which could lead to arbitrary code-execution attacks through malicious web content, may have been exploited by hackers.
“Apple is aware of a report that this issue may have been actively exploited on Intel-based Macs,” the company wrote in several of the security alerts.
No information was available as to the possible identity of any cyber-threat actors who may have exploited these vulnerabilities. In general, if hackers are able to execute arbitrary code through maliciously crafted web content, this could put sensitive user data at risk, potentially leading to unauthorized access, stolen credentials, or even device control.
In addition, the security patches to Apple’s Safari 18.1 address multiple vulnerabilities that could be exploited for malicious purposes: misuse of a trust relationship to download malicious content, leakage of private browsing history, and processing of maliciously crafted web content that could prevent security protocols from being enforced or cause unexpected process crashes.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also took note of the security gaps in the listed Apple products.
“A cyber-threat actor could exploit one of these vulnerabilities to take control of an affected system,” the CISA said in a Nov. 20 alert, noting that the security updates released by Apple address these vulnerabilities.
According to Apple’s security alerts, the scope of affected devices is extensive. The updates for iOS 18.1.1 and iPadOS 18.1.1 address vulnerabilities for devices such as the iPhone XS and later, iPad Pro models (from the 3rd generation onward), and iPad Air and mini models released since the 3rd and 5th generations, respectively.
Similarly, iOS 17.7.2 and iPadOS 17.7.2 extend coverage to slightly older devices like the iPad Pro 10.5-inch and the iPad 6th generation.
Mac users running macOS Sequoia 15.1.1 or Safari on macOS Ventura and macOS Sonoma are also affected, as are early adopters of visionOS 2.1.1 on the Apple Vision Pro.