Apple patches double zero-day exploits – update now – In The News

ByCraig Haley

Apple has pushed an emergency update to all iPhone, iPad and Mac users to fix TWO security vulnerabilities that – according to Apple – are already being exploited by criminals.

Our regular readers will know that if the bad guys are already exploiting the vulnerabilities then they’re known as “zero-day” vulnerabilities – the “bad guys” are already using them before the “good guys” were aware they existed.

The first security vulnerability is called a RCE vulnerability, which stands for Remote Code Execution. The vulnerability affects any Internet browser on Apple mobile devices, even if it’s not the inbuilt Safari browser, and allows a crook to launch an attack on an Apple device even if the owner merely visits an infected webpage. We also call that type of exploit a drive-by attack or a zero-click attack.

A second vulnerability, known as a privilege elevation exploit, can allow a crook to obtain administrative powers on a device. It could also be used in conjunction with the first RCE vulnerability.

That means that the first vulnerability affecting the Internet browser could allow a crook to get a foothold into a device. They could then use the second “privilege elevation” vulnerability to extend their foothold into full control of a device.


Sponsored Content. Continued below...




All-in-all, the pair of vulnerabilities could afford an attacker full control of a device when the owner merely visits an infected website. That’s as serious as it gets in cybersecurity land.

Thankfully, Apple already has some software patches to fix this issue. iOS can be updated to 15.6.1. MacOS (Monterey) can be updated to 12.5.1.

We strongly recommend updating straight away via your usual method. If you have updates set to install automatically it is still worth checking that the updates have been applied (Settings > General > Software Update.)

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)