Apple Releases Security Patches For Older iPhone and iPad Models
Apple has released fixes for a vulnerability affecting older iPhone and iPad models that could lead to remote code execution (RCE).
The tech giant released the iOS 15.7.4 and iPadOS 15.7.4 updates alongside the new iOS 16.4 and iPadOS 16.4 versions (for newer Apple models) on Monday.
The flaw affects a number of older Apple devices, including all iPhone 6s and iPhone 7 models, the first-generation iPhone SEs, the iPad Air 2, the fourth-generation iPad mini and the seventh-generation iPod touch.
The vulnerability (CVE-2023-23529) is a type confusion bug in the WebKit browser engine. It was reportedly fixed by Apple on February 13, but only disclosed on Monday.
“Processing maliciously crafted web content may lead to arbitrary code execution,” Apple explained in the advisory. “For our customers’ protection, Apple doesn’t disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are available.”
At the same time, the Cupertino-based company said it was aware of “a report that this issue may have been actively exploited.”
As is customary, the company did not share details about how the vulnerability was being exploited in the wild or what its impact was on iPhone and iPad users. Apple said the type confusion issue was addressed with improved checks. An anonymous researcher was credited with the discovery.
The patches come a few months after Apple released a separate fix for a zero-day security flaw (CVE-2022-42856) that was actively exploited in the wild.
More recently, cybersecurity researchers from Trellix have shed light on six vulnerabilities in macOS and iOS, and an entirely new bug class based on the ForcedEntry attack used to deploy the NSO Group’s mobile Pegasus malware.