Apple on August 17 released software updates for iPhones, iPads and Macs that fix two security vulnerabilities known by Apple to be actively exploited by attackers.
- The two vulnerabilities were found in WebKit, the browser engine that powers Safari and other apps, and the kernel.
- Kernel is the core of the code for operating systems. Gaining access to this could give the hacker unrestricted control over the hardware and software of an affected device.
- The two flaws affect both iOS and iPadOS and macOS Monterey.
- Minister of State for Electronics & IT Rajeev Chandrasekhar also tweeted on August 19 to update iPhones with 15.6.1 to avoid zero-day exploit vulnerabilities.
- A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched.
- An exploit that attacks a zero-day vulnerability is called a zero-day exploit. Because they were discovered before security researchers and software developers became aware of them—and before they can issue a patch—zero-day vulnerabilities pose a higher risk to users.
- Zero-day loopholes in WhatsApp and Apple’s iMessage have been used earlier to install spyware tools. Pegasus, the spyware developed by the Israeli company NSO Group, also used zero-day vulnerabilities.
