Privacy experts have identified two more Apple bugs less than 10 days since the tech giant revealed others plaguing iOS 16.
The latest discovery lets cybercriminals bypass security protections and run malicious code to access users’ images and messages, along with the address book and calendar.
There are several ways to protect your personal information from hackers lurking in the shadows, such as only using trusted apps in the App Store and not opening messages from unknown users.
Apple recently added the new vulnerabilities to its product security update page, urging users to download iOS 16.3.1 to patch the issues.
More Apple vulnerabilities have been found. These let attackers access personal information like photos, messages and calendars
Privacy experts at VPNOverview shared news of the vulnerabilities, CVE-2023-23520 and CVE-2023-23531, allowing attackers to bypass this cryptographic signing process and run malicious code out of its ring-fenced security sandbox.
Christopher Bulvshtein, from VPNOverview, said in a statement: ‘Apple has stringent restrictions around what software can run on devices. Android, as an alternative, allows third-party app downloads, which is why we commonly see more Android malware.
‘Part of these security measures involves all apps being ‘signed’ by an Apple developer certificate.
‘Apps are also limited in the actions they can perform – effectively being kept within their ‘sandbox.”
These vulnerabilities allow cybercriminals to access calendars, addresses, photos and videos and stored files.
Hackers could potentially spy on users using their own audio or video capabilities.
VPNOverview has shared tips on how to protect your personal information.
The tips include only using the trusted app because there are examples of them collecting more data than what they should.
Apple and security experts are urging users to update their iPhones in order to keep hackers from stealing their personal information
One tip to keep your device safe is to not trust unknown devices when connecting your iPhone
Another is not trusting unknown devices when connecting your iPhone.
When you plug your smartphone into a computer to charge, a notification appears on the screen and asks whether the device should be trusted – always select ‘don’t allow.’
VPNOverview also urges users not to click on likes or open messages from unknown senders and to keep their devices up to date with the latest operating system.
The previous vulnerabilities, identified earlier this month, were added to the Homeland Security warning list.
One of the issues is in Webkit, a Safari browser engine that allowed bad actors to execute an arbitrary code on an iPhone and Homeland Security believes it may have been exploited.
The second security flaw in Kernel could allow an attacker to take over privileges, but the tech giant is unaware this has been used.
It is unclear how long the vulnerabilities have been plaguing devices.
Apple says it ‘doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.’
Apple’s release notes show that the iOS 16.3.1 update also includes multiple bug fixes, addressing issues with iCloud and Siri, along with more Crash Detection optimizations.
The initial release of iOS 16.3 was in June, which allows users to call silently with Emergency SOS and provides improved two-factor security and advanced data protection.
Apple’s Emergency SOS service was upgraded to call silently make calls if you enable the function via a slider option (useful in situations where an attacker might be present).
It is an option you enable so that when you make an SOS call via the Emergency SOS service, the phone will not flash or make a countdown.
