Apple fixes vulnerabilities in OS

As of Tuesday, a new iOS setting addressing security vulnerabilities has been introduced to beta testers, aiming to counter a security issue enabling thieves to hijack iPhone accounts, access passwords, and steal money.

The Wall Street Journal reported a nationwide surge in thefts where thieves observed users unlocking iPhones before stealing them. Apple plans to include Stolen Device Protection in a forthcoming software update. This feature, once activated, restricts certain settings when users are away from familiar locations. Changing passwords under this setting requires Face ID or Touch ID, with an hour-long delay and additional confirmation before the action is completed. However, it’s noted that anyone with the phone and passcode can still unlock it, and apps without additional protection or accounts resettable by text or email remain vulnerable to hacking.

Diving into the details of the recent patches:

Process Enumeration Patch:

Apple has introduced a patch to prevent applications from enumerating processes on devices. Although developers commonly used this access to obtain process and app information, it posed a risk of accidental disclosure of personal data. While beneficial for legitimate purposes, preventing misuse by malicious actors is crucial.

Remote Controllable Executable (RCE) Attacks:

This update addresses at least three remote controllable executable (RCE) attacks. RCEs allow attackers to take over a device through actions like clicking a link or opening a document. Swift patching is essential to thwart potential exploitation. Enterprises, in particular, should prioritize these patches, as RCEs can provide unauthorized access to sensitive corporate data present on employees’ mobile devices.

Other Patches:

The release includes patches for denial of service attacks, remote code execution, privilege escalation, and user information disclosure. These patches cover Apple’s libraries and services, as well as third-party libraries like libxml2 and libxslt, which have had security issues addressed earlier in the year.

Given that a significant percentage of IT and security leaders believe sensitive corporate data resides on employees’ mobile devices, maintaining up-to-date software versions is crucial for data protection. As a best practice, iOS users are strongly encouraged to promptly update their devices when the new OS update becomes available.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.