Users with iPhone, iPad and Mac must urgently download latest security patch

Apple has a new update for its customers to download to avoid vulnerabilities in their computers

Guardar
ILUSTRACIÓN - Los fallos de seguridad en la versión 14.3 del sistema operativo  iOS ya son aprovechados por los piratas informáticos. Foto: Zacharie Scheurer/dpa
ILUSTRACIÓN - Los fallos de seguridad en la versión 14.3 del sistema operativo iOS ya son aprovechados por los piratas informáticos. Foto: Zacharie Scheurer/dpa

Faced with threats against macOS Monterey and iOS and iPadOS, Apple released a patch this week to fix two zero-day vulnerabilities, according to the Cupertino company.

It was on Thursday that they made the announcement, ensuring that they will keep abreast of the possibility that the vulnerabilities could be actively exploited by attackers in malicious campaigns.

These are CVE-2022-22675 and CVE-2022-22674. The first one only affects iOS and iPadOS, but both are present on macOS. According to Apple, the updates are 15.4.1 for iOS and iPadOS, and 12.3.1 for macOS Monterey.

According to ESET, regarding the impact of vulnerabilities, the CVE-2022-22674 affects only macOS Monterey and lies in the Intel Graphic Driver. The bug consists of an “out-of-bounds” reading problem, that is, out of bounds, which if exploited would allow an application to read kernel memory.

Imagen de Archivo/Apple está probando muestras de chips de memoria flash NAND (Foto: Archivo/Bloomberg)

In the case of CVE-2022-22675, in addition to macOS Monterey, it also affects iPhone 6s and previous models, all models of iPad Pro, iPad Air 2 and earlier, iPad 5th generation and earlier, iPad mini 4 and earlier and iPad touch 7th generation.

The vulnerability lies in AppleAVD, which is Apple's framework for decoding audio and video, and allows an attacker to execute arbitrary code with kernel privileges, which implies it can execute any command on the vulnerable computer.

While Apple revealed that it is aware of the possibility that both vulnerabilities are being exploited by threat actors in malicious campaigns, it did not reveal many details.

It should be noted that zero-day threats are not the first to be patched by Apple so far in 2022. In February, the company released an update to fix CVE-2022-22620 that affected iOS, iPadOS and macOS that allowed remote code execution; and prior to this bug it had patched two other vulnerabilities that allowed arbitrary code execution, such as CVE-2022-22594 and CVE-2022-22587.

Apple Store en Nueva York (Foto: Archivo)

To avoid becoming a victim of any vulnerability, it is best for users to update their devices as soon as possible to keep their computers safe with the latest security patches.

As a general rule, users automatically receive a message announcing that the update is available. In this case, just click “Install Now”.

Those who have not yet received the notification, should connect the device to the charger, activate WLAN and go to “Settings/General/Software Update”. Then, they just have to click “Download and Install”.

Usuarios deben actualizar sus dispositivos Apple. (Foto: La Manzana Mordida)

Apple introduced a new version of the iPhone SE and the fifth generation of the iPad Air. The new 4.7-inch iPhone SE 3 retains its design similar to the iPhone 6, while the new 10.9-inch iPad Air visually approaches the iPad Pro. Both devices have been updated with 5G connectivity, a feature that is offered on the iPad as an option.

iPhone SE 3 features the same A15 Bionic processor as iPhone 13. According to Apple, the chip manages to improve the performance and functions of the camera, as well as ensure longer battery life.

The fifth-generation iPad Air features an octa-core M1 chip already known in Mac computers. Through it, the manufacturer promises up to 60 percent more power than that offered by the A14 chip of the predecessor model.

(With information from agencies)

KEEP READING

Guardar