Without giving more details, the apple brand explained that these two vulnerabilities allowing to take control of one or more devices had probably been exploited by unidentified actors.
by
Apple announced on Wednesday August 17, have corrected two important software security faults concerning the operating systems of its devices, namely the iPhone, the iPad and the Mac. These vulnerabilities, designated under the names CVE-2022-32893 and CVE-2022-32894, touched two components of Apple software.
The first, webkit, is the spine of Safari, the designer’s web browser. Webkit is also used in all browsers available on iOS, the iPhone operating system. The flaw made it possible to thwart the safety of browsers to execute code on a device without the knowledge of its user if it went, for example, on a web page designed by pirates.
The second fault allowed an application to carry out actions at the level of the Kernel (or “nucleus”), a critical zone with the functioning of a device in which the link between the material and the software. By being able to act in this precise area of a phone or a computer, the hackers could therefore potentially take the total control of the devices.
of the faults probably used
Without giving more details, Apple explained that These two vulnerabilities had probably been exploited by unidentified actors, that is to say pirates seeking to take control of one or more devices.
It is likely that these two safety flaws were used. Pirates use, in fact, often what are called “operating chains”, that is to say several vulnerabilities triggered following to attack a device. For example, it would be possible here to operate the webkit flaw by creating a verolled web page to execute code on the phone of a target, then rely on the second vulnerability to obtain access to all of the device.
Manufacturers like Apple discover and regularly correct variable gravity safety flaws concerning their products. As well state, criminals and private groups are constantly looking to discover new ways to bypass the protections put in place by major computer groups, and there is even a market on which these so -called “Zero Day flaws are sold “, Vulnerabilities that have not yet been corrected and are therefore exploitable.