Thu, August 18, 2022 at 4:52 PM SAN FRANCISCO (AP) — Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices. Apple released two securityreports about the issue on Wednesday, although they didn’t receive wide attention outside of tech publications. Apple’s explanation of the vulnerability means a hacker could get “full admin access" to the device. That would allow intruders to impersonate the device's owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security. Security experts have advised users to update affected devices — the iPhone6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running MacOS Monterey. The flaw also affects some iPod models. Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher. https://www.yahoo.com/finance/news/apple-warns-security-flaw-iphones-215229264.html
iOS 15.6.1—Update Now Warning Issued To All iPhone Users https://www.forbes.com/sites/kateof...g-issued-to-all-iphone-users/?sh=12ba567067a9 Apple has released iOS 15.6.1, along with a warning to update now, because it fixes two security holes already being used to attack iPhones. The first issue fixed in iOS 15.6.1 is a vulnerability in the iPhone Kernel tracked as CVE-2022-32894 that could allow an application to execute code with kernel privileges. “Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker says on its support page. The other issue patched in iOS 15.6.1 is a flaw in WebKit, the browser engine that powers Safari, CVE-2022-32893, that could allow arbitrary code execution. Apple says it believes attackers have used it in real-life scenarios. The iOS 15.6.1 upgrade “provides important security updates and is recommended for all users,” Apple says in its release. Apple’s iOS 15.6.1 comes just weeks after iOS 15.6, and is the latest of multiple iOS fixes for already exploited issues this year.
Thanks. I happened to have my phone on the charger and just saw the message that the new iOS will be installed tonight. I think I'm at low-ish risk because I don't have a lot of apps installed, I don't surf the web much with it, and I use Firefox and not Safari. With all the Apple users there are, I wonder why this has not been more widely picked up in the news. Where did you hear about it?
Mine are set to auto-update, too. But I looked at my phone earlier and it had not updated, so I manually did so. My regular iPad updated but my mini did not. I need to crank up the MacBook and get it updated; it has been sitting unused for several months.
Yeah, sometimes they wait until the device is idle to update, which usually works fine with my iPhone because it's almost always on, but I usually shut my Mac Mini off when I'm not using it, so I sometimes have to do manual updates with it. My MacBook probably needs to be updated because haven't used it in about a week. Probably, I'll see about that tomorrow. Otherwise, if someone takes over my accounts, perhaps they can do a better job of it.
My phone does not update unless it is on the charger and it sees a WiFi signal. Even then--for some reason--it says "Will update tonight" instead of just updating when those 2 conditions are met. My watch is another issue... I read that Yahoo Finance article. It was interesting in that the cybersecurity guy said that those most at risk would be ones who are targeted by international bad actors: CEOs of major corporations, politicians, etc.
This is what I found disturbing... (from the Forbes article) The other issue patched in iOS 15.6.1 is a flaw in WebKit, the browser engine that powers Safari, CVE-2022-32893, that could allow arbitrary code execution. Apple says it believes attackers have used it in real-life scenarios. I always worry about the passwords I have stored on Firefox and what would happen if they had a breach. Ugh. I wish all hackers would just die.
I do, too, and wonder why you don't hear of that happening. I have a ton of passwords on there...pretty much everything except my financial stuff.
Par for the course. Very evil people ruling over us for a very long time. Makes me understand the verse " nothing new under the sun" more every day.
I wonder if they've changed things at some point. This is the Apple Support document, but it obviously does not state which models it refers to. Note Step #2: *******************************************************Update your iPhone, iPad, or iPod touch wirelessly Back up your device using iCloud or your computer. Plug your device into power and connect to the internet with Wi-Fi. Go to Settings > General, then tap Software Update. If you see two software update options available, choose the one that you want to install. Tap Install Now. If you see Download and Install instead, tap it to download the update, enter your passcode, then tap Install Now. If you don't know your passcode, learn what to do. ******************************************************* I've read this in multiple places, and know from experience that my iPhone12 will not update unless it is hooked up to a charger. The same thing applies to my Apple watch updates...the watch must be on a charger, the phone must be on a charger, and they must be within communication range (because the updates are processed through the phone.) It's quite annoying when I have the thing set to "Automatically Update" and I find there's an update that's been hanging out there--uninstalled--waiting for the proper set of conditions to be created (both phone and watch.) My Android was never like this. It updated on battery power via the cell signal...I never had to manually manage the automatic updates like I do with the Apple.
I have an iPhone 12 Pro and it will update without being plugged in. The only times that it made me plug it in were when the batteries were low.