Security flaw puts crypto assets at risk

Apple operating systems have once again been found to contain vulnerabilities of very high severity, and users are advised not to put off installing the latest versions, iOS 16.4.1 and macOS 13.3.1.

Updates are also available for iOS 15 and macOS 11 and 12, according to an April 17 report by internet security solutions provider Kaspersky.

The research identified two vulnerabilities. The first, CVE-2023-28205, is rated “high” (8.8 out of 10) in severity and affects the WebKit engine, which serves as the foundation for the Safari web browser. The crux of this vulnerability is that malicious actors can run arbitrary code on a device when it loads a website they have created specifically for that purpose.

The second vulnerability, CVE-2023-28206, was found in the IOSurfaceAccelerator object and has a threat level of “high” (8.6/10). Attackers can use it to execute programs with the core permissions of the operating system. As a result, attackers can gain root privileges, which may ‘compromise the security of users’ crypto assets,’ as per crypto journalist Colin Wu.

The two flaws can therefore be exploited together: the first is used to breach the security of the device so that the second can be used. The second vulnerability, in turn, grants the ability to “escape from the sandbox” and do almost anything with an infected device.

Where the vulnerabilities can be found

These flaws are present in the mobile operating systems iOS, iPadOS, and tvOS, as well as in the desktop operating system macOS.

Because earlier generations of these operating systems are vulnerable as well as the most recent versions, Apple has released updates (one after the other) for a broad range of systems: macOS 11, 12, and 13, iOS/iPadOS 15 and 16, and tvOS 16.

On Apple’s mobile operating systems, only the WebKit engine is supported. Web pages on the iPhone will be rendered by WebKit regardless of the browser you use (thus, any browser on iOS is effectively Safari).

In addition, the same engine is used whenever any app loads a web page. WebKit is used to show the content even if it doesn’t look like a web page. That’s why it’s critical to always keep Safari up to date, even if you primarily use a different browser like Chrome or Firefox.

Vulnerabilities in WebKit like the one detailed above make it feasible to infect an iOS device or Mac with a “zero-click” exploit. Simply luring a person to a malicious website is enough to infect their device without requiring any action on their part.
