With iOS 16.3.1, Apple Addresses A Zero-Day WebKit Vulnerability:
Apple has issued an emergency security update to address a new zero-day vulnerability that is being used to attack susceptible iPhones, iPads, and Macs.
According to Bleeping Computer, an unknown researcher uncovered this zero-day vulnerability, which has now been addressed with the launch of iOS 16.3.1, iPadOS 16.3.1, and macOS 13.2.1.
Once a user visits a malicious web page, successful exploitation allows attackers to execute arbitrary code on devices running vulnerable iOS, iPadOS, and macOS versions. The flaw also affects Safari 16.3.1 on macOS Big Sur and Monterey.
“Processing maliciously designed web content may result in arbitrary code execution,” Apple noted of the zero-day vulnerability. “Apple is aware of a report that this problem may have been exploited extensively.”
To make things worse, according to a recent investigation, this zero-day vulnerability “may have been actively exploited” in the wild. As a result, Apple has issued emergency security patches for iOS, iPadOS, and macOS.
The flaw affects both older and current models, so the list of affected devices is fairly long:
- iPhone 8 and subsequent models
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
- Macs running macOS Ventura
Devices Affected:
Because this zero-day vulnerability impacts iOS, iPadOS, and macOS, the number of devices affected is rather large.
iPhone 8 And All Current iPhone Models Are Impacted:
According to Apple, the iPhone 8 and all later iPhone models are impacted, as are all versions of the iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later. Every Mac running macOS Ventura is also vulnerable.
While Apple has said that it has received reports of this zero-day vulnerability being actively exploited in the field, the firm has not yet shared specifics about these attacks. This is most likely because it wants as many iPhone, iPad, and Mac owners as possible to update their devices with these new security patches before revealing more.
If Your Device Is Affected, Install These New Security Updates:
If you own an affected device, it is strongly advised that you download and install these new security updates as soon as possible, since the hackers behind these attacks are likely waiting to target people who continue to use vulnerable devices.
Protect Your Devices From Hackers:
Aside from applying the most recent security updates, there are several other ways to keep your Apple devices safe from hackers.
If you own a MacBook, iMac, Mac Mini, or any other Apple computer, you should consider investing in one of the top Mac antivirus software packages to keep you secure from malware and other dangers. Similarly, utilizing one of the finest password managers will help keep your credentials safe from thieves.
While no iPhone antivirus applications exist owing to Apple’s own constraints, Intego Premium Bundle X9 is a Mac antivirus program that can scan your iPhone and iPad for viruses when connected to your Mac through a USB cord.
Although we don’t know much about this new zero-day vulnerability and how it’s being exploited in the wild, Apple’s distribution of emergency security fixes for all of its platforms is reason enough to take this danger seriously.
If You Use Google Photos, Don’t Upgrade To iOS 16.3.1:
If you utilize Google Photos, it seems that you should postpone upgrading to iOS 16.3.1 for the time being. According to users, the update disrupts compatibility with the Google Photos app for iPhone, causing the app to crash instantly upon opening.
As of now, Google has not responded to this issue. Again, iOS 16.3.1 has only been out for a few hours. Although this error seems to be linked to an iOS upgrade, it will most likely be Google’s obligation to solve it.
Users who install the app for the first time will be able to complete the login flow without crashing. After granting access to the whole user library, the program may crash, indicating that this may be related to how Google accesses those photographs.
Other programs with full library access, such as Darkroom, seem to be unaffected. Google will most likely provide a patch shortly, so users won’t have to wait long for the app to be reinstated.