Apple Fixes Old iPhone Zero-Day Security Flaw - Update Now

If you have an older iOS device like the iPhone 6 or iPad Air, we recommend downloading Apple's latest update, iOS 12.5.4.

Apple's security information says that this update squashes two serious security flaws related to the Safari browser, more specifically the page rendering engine that runs it, called WebKit. Both flaws are considered "zero-day" flaws because they may have already been exploited, i.e., used by hackers to attack iPhone users.

The first zero-day flaw, listed as CVE-2021-30761, involves a memory corruption issue in WebKit; the second, CVE-2021-30762, allows malicious code to enter WebKit's memory space after WebKit has freed memory. This is a "use after free" bug in information security terms.

Both flaws were discovered by "anonymous researchers," Apple said, and both allow "maliciously crafted web content" to execute code on iOS devices. In other words, the flaw could allow a poisoned website to install and execute malware on an iPhone. This flaw appears to be specific to iOS 12.

The third flaw, CVE-2021-30737, involves a memory corruption issue in ASN.1 (software used to encrypt and decrypt secure communications), although it does not appear to be used in active attacks.

The same flaw was discovered by "xerub" and fixed in new iPhones with iOS 14.6 in May. Attackers can use this flaw to force an iOS device to load and execute malware after reading a maliciously created security certificate.

Apple has patched these flaws for all devices running iOS 12, including the iPhone 5s (released in 2013), iPhone 6 and iPhone 6 Plus (both released in 2014). These devices were not upgraded to iOS 13, so they remain on point releases of iOS 12.

Apple continues to push security updates for older devices, keeping them secure even if they are denied more modern features. It would be hard to find an 8-year-old Android phone that still offers security updates.

Nevertheless, millions of people could be affected by these flaws. Maybe they still use an old iPhone, or maybe they have an old device lying around that they use occasionally; that old iPad they use for YouTube, or that old iPhone they gave their child, could be vulnerable.

To update your iOS device, head to the settings menu, look for "General" and tap "Software Update," which will find a new patch and download it for you. You may want to make sure you've made a full backup of your device first, just in case.
