On Aug 31th, tech giant Apple rolled out security updates for their older iPhone models to fix a out-of-bound vulnerability in older iPhone models. Apple didn’t disclose the technical details about the flaw to avoid the exploitation of the vulnerability. Let’s explore what Apple has shared about the vulnerability in its security advisory.
If you missed the recent security update by Apple, Apple disclosed two vulnerabilities in its recent security update in that it disclosed two vulnerabilities which were being tracked as CVE-2022-32893 and CVE-2022-32894 are out-of-bound vulnerabilities in WebKit and kernel of Apple platforms: iOS, iPadOS, and macOS. There after Apple responded those vulnerabilities by releasing iOS v15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1 to fix these flaws.
Apple has released a new security advisory on the same vulnerabilities again on Aug 31th. As per the report, these recently disclosed vulnerabilities are now again being targeted by hackers, but this time on the older iPhone models. Apple also rings an alarm with a statement “These vulnerabilities are now actively being exploited in the wild.”
To recall.
It is an out-of-bound write issue in WebKit that allows attackers to carry out arbitrary code execution with maliciously crafted web content.
It is an out-of-bound issue in Kennel that allows attackers to execute arbitrary code with kernel privileges using a malicious or vulnerable application.
Apple says that iPhone models iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) are vulnerable only to CVE-2022-32893 (out-of-bound vulnerabilities in WebKit). Moreover, Apple left a note to its users that all these older models are not affected by CVE-2022-32894 (out-of-bound vulnerabilities in Kerned).
Since the flaw is actively actively being exploited in the wild it is recommended to upgrade the patch to fix the out-of-bound vulnerabilities in Older iPhone models.
Apple released security updates in that it says it has released iOS v12.5.6 to fix the flaw. We recommend all the users of iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) upgrade their OS to the latest release (v12.5.6 at the time of publishing this post). Please visit the Apple security updates page to read information about all the recently released security updates.
Follow the procedure shone in this picture to update iOS and iPadOS:
Go to Settings > General > Software Update > Click on Download and Install Updates.
https://www.instagram.com/thesecmaster/We hope this post would help you know how to patch out-of-bound vulnerability in Older iPhone models. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.
You may also like these articles:
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”
"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.
BurpGPT is a cutting-edge Burp Suite extension that harnesses the power of OpenAI's language models to revolutionize web application security testing. With customizable prompts and advanced AI capabilities, BurpGPT enables security professionals to uncover bespoke vulnerabilities, streamline assessments, and stay ahead of evolving threats.
PentestGPT, developed by Gelei Deng and team, revolutionizes penetration testing by harnessing AI power. Leveraging OpenAI's GPT-4, it automates and streamlines the process, making it efficient and accessible. With advanced features and interactive guidance, PentestGPT empowers testers to identify vulnerabilities effectively, representing a significant leap in cybersecurity.
Tenable BurpGPT is a powerful Burp Suite extension that leverages OpenAI's advanced language models to analyze HTTP traffic and identify potential security risks. By automating vulnerability detection and providing AI-generated insights, BurpGPT dramatically reduces manual testing efforts for security researchers, developers, and pentesters.
Microsoft Security Copilot is a revolutionary AI-powered security solution that empowers cybersecurity professionals to identify and address potential breaches effectively. By harnessing advanced technologies like OpenAI's GPT-4 and Microsoft's extensive threat intelligence, Security Copilot streamlines threat detection and response, enabling defenders to operate at machine speed and scale.