Key Points:
Two vulnerabilities were found in total. The first vulnerability, CVE-2023-28205, affects the WebKit engine, which serves as the foundation for the Safari browser. The malicious core of this issue is that the bad guys may execute arbitrary code on a device by utilizing a properly designed website.
CVE-2023-28206, the second vulnerability, was identified in the IOSurfaceAccelerator object. It may be used by attackers to run programs with operating system core rights.
As a result, these two vulnerabilities may be leveraged in tandem: the first helps to first enter the device, and allow the second to be exploited. Scammers may then “escape from the sandbox” and do nearly anything with the compromised gadget.
The flaws may be detected in both macOS desktop and mobile operating systems, including iOS, iPadOS, and tvOS. Not only are the recent versions of these operating systems most susceptible, but so are prior generations, therefore Apple has issued fixes for a wide variety of devices.
The WebKit engine is the only one supported by Apple’s mobile operating systems. WebKit will still be utilized to render web pages on your iPhone regardless of whatever browser you use.
WebKit vulnerabilities, such as the one mentioned above, allow for “zero-click” infection of an iPhone, iPad, or Mac. That is, the device gets infected without any active user activity – just luring them to a carefully designed malicious website is enough.
This may result in the loss of your property and your device’s personal and confidential information. Here can be application passwords, crypto assets, and important documents.
Not only Apple but technology giants are also having a headache about security when scammers are increasing, and their tricks are increasingly sophisticated. On January 14, an individual claimed to have mistakenly downloaded malware detected via a Google Adwords search result, losing all of their nonfungible tokens (NFT) and crypto.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Harold
Coincu News
Bitcoin Spot ETF Inflows have reached $510 million as of November 13, marking six consecutive…
Solana DEX trading volume reached historic highs, exceeding $5 billion daily for three days. Raydium…
Phantom iOS users are warned that a recent app update caused some users to log…
Japanese crypto exchange Coincheck is set to become the first Japanese crypto exchange to list…
The US DOJ investigates Polymarket for Alleged Illegal US User Bets Polymarket, for allegedly permitting…
Ethereum’s ICO was priced at around $0.30 per token, and today, it’s valued in the…
This website uses cookies.