Apple rolls out software updates not only to add new features for its users but also to keep them safe. The Cupertino-based tech giant recently rolled out iOS 16.5.1 update which fixed two critical security flaws along with adding new features on iPhones. Now, the government’s cybersecurity watchdog, CERT-In has shared a new warning for MacBook users. The government body has noted a high severity rating for the bug that is exposing Mac users.
What is the vulnerability
According to CERT-In, the latest security flaw, named CVE-2023-32439, is affecting Apple Safari versions before 16.5.1 for macOS Monterey.
How this vulnerability can affect users
The government agency claims that the new vulnerability reported in Apple Safari can allow a remote attacker to execute codes arbitrarily on targeted systems. CERT-In also explains that this vulnerability exists in Apple Safari due to a type of confusion error in the WebKit component.
CERT-In has also mentioned that an attacker can exploit this flaw by persuading the victim to open a specially crafted file or app.
Apple has already acknowledged the issue and is yet to roll out a fix for the same. For customers’ protection, The company said that it doesn’t disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are available.
iOS 16.5.1 fixed two security issues
Two critical security flaws that Apple patched with iOS 16.5.1 was reportedly been used to hack iPhones in Russia. Cybersecurity firm Kaspersky flagged off the security flaw. Apple has also thanked Kaspersky for pointing out these vulnerabilities.
The cybersecurity company noted that “the malicious code installed after infection had 24 commands, including extracting passwords from Apple’s Keychain, monitoring locations, and modifying or exporting files.”
What is the vulnerability
According to CERT-In, the latest security flaw, named CVE-2023-32439, is affecting Apple Safari versions before 16.5.1 for macOS Monterey.
How this vulnerability can affect users
The government agency claims that the new vulnerability reported in Apple Safari can allow a remote attacker to execute codes arbitrarily on targeted systems. CERT-In also explains that this vulnerability exists in Apple Safari due to a type of confusion error in the WebKit component.
CERT-In has also mentioned that an attacker can exploit this flaw by persuading the victim to open a specially crafted file or app.
Apple has already acknowledged the issue and is yet to roll out a fix for the same. For customers’ protection, The company said that it doesn’t disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are available.
iOS 16.5.1 fixed two security issues
Two critical security flaws that Apple patched with iOS 16.5.1 was reportedly been used to hack iPhones in Russia. Cybersecurity firm Kaspersky flagged off the security flaw. Apple has also thanked Kaspersky for pointing out these vulnerabilities.
The cybersecurity company noted that “the malicious code installed after infection had 24 commands, including extracting passwords from Apple’s Keychain, monitoring locations, and modifying or exporting files.”
window.TimesApps = window.TimesApps || {}; var TimesApps = window.TimesApps; TimesApps.toiPlusEvents = function(config) { var isConfigAvailable = "toiplus_site_settings" in f && "isFBCampaignActive" in f.toiplus_site_settings && "isGoogleCampaignActive" in f.toiplus_site_settings; var isPrimeUser = window.isPrime; if (isConfigAvailable && !isPrimeUser) { loadGtagEvents(f.toiplus_site_settings.isGoogleCampaignActive); loadFBEvents(f.toiplus_site_settings.isFBCampaignActive); } else { var JarvisUrl="https://jarvis.indiatimes.com/v1/feeds/toi_plus/site_settings/643526e21443833f0c454615?db_env=published"; window.getFromClient(JarvisUrl, function(config){ if (config) { loadGtagEvents(config?.isGoogleCampaignActive); loadFBEvents(config?.isFBCampaignActive); } }) } }; })( window, document, 'script', );
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
