Trend Tide News

All iPhone users warned 'update now' over two serious security risks

By Millie Turner
All iPhone users warned 'update now' over two serious security risks

IPHONE owners have been told to install an "important" security update, or risk cyber crooks accessing their devices.

Apple has rolled out a new security update that fixes two dangerous bugs that allow attackers to compromise iPhones from afar.

The update is titled iOS 18.1.1 for iPhone users and OS 15.1.1 for Mac users, and is available to download today.

"With attackers potentially exploiting both vulnerabilities, it is critical that users and mobile-first organisations apply the latest patches as soon as they are able," Michael Covington, vice president of strategy at security firm Jamf, urged.

The flaws are listed below:

While this sounds like gobbledygook to the average person, Covington, breaks it down.

"CVE-2024-44308 is a vulnerability in JavaScriptCore, a framework for running JavaScript code in apps and web browsers," he explains.

"It allows attackers to compromise the device when malicious code is injected into the web content," he added, like a web page or link.

CVE-2024-44309, the second flaw, was found in WebKit and lets hackers inject malware into trusted websites and exploit how cookies are managed.

Web cookies allow websites to remember you, your logins, and sometimes even your financial details - information that you don't want in the hands of hackers.

"Vulnerabilities in WebKit are important to patch quickly," Covington noted.

"It is the framework that powers Safari, and also presents other web-based content to users."

Apple has warned that both vulnerabilities may have been exploited by criminals already on Mac systems.

However, little is known about these potential attacks.

Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group (TAG) have been credited with discovering the flaws.

According to a report by The Hacker News, the flaws may have been used as part of a targeted government-backed or mercenary spyware attack.

The security update has introduced stronger checks to detect malicious activity.

Apple has also improved how devices manage and track data when iPhone users are using a Safari web browser.

Previous articleNext article

POPULAR CATEGORY

commerce

8833

tech

9842

amusement

10615

science

4783

various

11227

healthcare

8457

sports

11167