Apple fixes several security bugs in iOS, iPadOS and Safari browsers
Several high-severity bugs have been reported in some versions of Apple’s iOS, iPadOS, and Safari browsers. India’s Computer Emergency Response Team has released vulnerability notes recommending users to update their devices to the latest versions with patches.
(For insights on emerging themes at the intersection of technology, business and politics, subscribe to our tech Today’s Cache newsletter.)
iOS and iPadOS
Security bugs in iOS and iPadOS could allow remote attackers to access sensitive information on devices, execute arbitrary code, cause denial of service conditions, and spoof the interface on systems targeted.
These bugs exist due to improper security restrictions, bounds checking, validation, and memory management in several software components.
Apple also shared details of a security bug that could allow apps to record audio using connected AirPods.
Bugs could be exploited by attackers by tricking victims into opening specially crafted files or applications.
Security bugs affecting versions prior to iOS 16.0.3 and iPadOS 16 are being exploited in the wild.
Security bugs in the Safari browser could allow attackers to spoof URLs, leak sensitive information, or execute arbitrary code on targeted systems.
The bugs exist due to poor UI handling, type confusion and logic issue in Webkit components, and use after free issues in WebKit PDF components.
These security bugs can be exploited by attackers by running a specially crafted application.
The bugs were found in versions of Safari earlier than 16.1 running on macOS Big Sur and macOS Monterey