Vulnerabilities in iOS and iPad OS Enable Remote Code Execution

Several vulnerabilities in iOS and iPadOS allow attackers to remotely execute code on vulnerable iPhones and iPads. Just visiting a malicious website is sufficient. No further user interaction is required. Apple has released iOS 14.6 and iPadOS 14.6 to address the vulnerabilities.

The updates resolve at least 43 vulnerabilities in both operating systems. It has been more common in the past for Apple to report at a later date that more security vulnerabilities have been fixed than previously announced. Several of the now-fixed leaks reside in WebKit, the Apple-developed browser engine that Safari and all other browsers on iOS use.

Handling rogue web content allows an attacker to execute arbitrary code on the user's system. Such vulnerabilities can be exploited via a drive-by download, where visiting a compromised or rogue website is enough to be attacked. Opening a malicious image or audio file also enables code execution.

Furthermore, it is possible for rogue apps to gain kernel and root rights, iPhones and iPads can accept invalid activation results, it is possible to retrieve protected information via the lockscreen and an attacker nearby can cause users to use less secure Wi-Fi authentication. . Updating to the latest version of iOS and iPadOS can be done via the update function or iTunes.

Previous Post Next Post