Following the release of a vulnerability notice by Kaspersky to iOS and macOS device users, cryptocurrency security company SlowMist urged users to urgently update their software.
SlowMist Says Users Need to Update Their iOS Devices Urgently for Cryptocurrency Security
The notification exposed two serious vulnerabilities in both iOS and macOS that could allow attackers to gain root privileges and compromise user assets.
The vulnerabilities, designated CVE-2023-28205 and CVE-2023-28206, were found in the WebKit engine and the IOSurfaceAccelerator object, respectively, and can be combined to allow hackers to escape the device’s sandbox and run almost anything with the infected device.
The WebKit engine is the only browser engine allowed on Apple’s mobile operating systems, making users of all browsers on iOS vulnerable to the vulnerability, including Google Chrome and Mozilla Firefox. What’s more, the vulnerabilities could infect an iPhone, iPad, or Mac with a “zero-click” virus; which means that without any active action by the user, the device can become infected.
Although Apple has released updates for the latest version operating systems, it has also provided updates for some earlier versions. Those using the latest iOS, iPadOS or tvOS devices will need to update to version 16.4.1, and those with older iPhones or iPads will need to update to version 15.7.5.
MacOS users using Ventura OS need to update to macOS 13.3.1, macOS Big Sur or Monterey users need to update to macOS 11.7.6 or 12.6.5 respectively, and install a separate update for Safari.
*Not investment advice.