IPHONE owners have been told to install an “important” security update, or risk cyber crooks accessing their devices.
Apple has rolled out a new security update that fixes two dangerous bugs that allow attackers to compromise iPhones from afar.
The update is titled iOS 18.1.1 for iPhone users and OS 15.1.1 for Mac users, and is available to download in today.
“With attackers potentially exploiting both vulnerabilities, it is critical that users and mobile-first organisations apply the latest patches as soon as they are able,” Michael Covington, vice president of strategy at security firm Jamf, urged.
The flaws are listed below:
- CVE-2024-44308 – A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content
- CVE-2024-44309 – A cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious web content
While this sounds like gobbledygook to the average person, Covington, breaks it down.
“CVE-2024-44308 is a vulnerability in JavaScriptCore, a framework for running JavaScript code in apps and web browsers,” he explains.
“It allows attackers to compromise the device when malicious code in injected in the web content,” he added, like a web page or link.
CVE-2024-44309, the second flaw, was found in WebKit and lets hackers inject malware into trusted websites and exploit how cookies are managed.
Web cookies let websites remember you, your logins, and sometimes even your financial details – information which you don’t want in the hands of hackers.
“Vulnerabilities in WebKit are important to patch quickly,” Covington noted.
“It is the framework that powers Safari, and also presents other web-based content to users.”
Apple has warned that both vulnerabilities may have been exploited by criminals already on Mac systems.
However, little is known about these potential attacks.
Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG) have been credited with discovering the flaws.
According to a report by The Hacker News, the flaws may have been used as part of a targeted government-backed or mercenary spyware attack.
The security update has introduced stronger checks to detect malicious activity.
Apple has also improved how devices manage and track data when iPhone users are using a Safari web browser.
iPhone tricks to try today
Here are some of the best…
- Typing cursor – When typing, hold down the space bar to turn your keyboard into a trackpad, letting you move around words and sentences more easily
- Close all Safari tabs – To do this in one go, simply hold the overlapped squares in the bottom right-hand corner, and press close all tabs
- Delete lots of photos quickly – Hold down on a photo and then drag your finger diagonally in Photos to select lots of images at once, then hit delete
- Convert currency quickly – Swipe down from the top of your Home screen, then tap in the bar and type a currency (like €200) and it will automatically covert to your local currency
- Check if you’re due a battery upgrade – Batteries inside smartphones degrade over time. Just go to Settings > Battery > Battery Health, and check out the Maximum Capacity reading. Generally a battery is considered worn when you’re down to 80% capacity. If you’re below, you can buy a battery swap from Apple
- Move apps around faster – Hold an app until it starts wiggling, then (while still holding) tap other apps, causing them to stack so you can move them around easier
Little is known about these potential attacks[/caption]