![]() He says an attacker would need to “chain the Kernel level vulnerabilities with some of the other flaws to allow a malicious app to exploit them.” The iOS 16.1 update fixes some high-severity issues that would allow an attacker to gain full access to the device, says independent security researcher Sean Wright. However, he warns: “Given the high price that working iPhone zero-days command in the cyber-underworld, we assume that whoever is in possession of this exploit knows how to make it work effectively and is unlikely to draw attention to it themselves, in order to keep existing victims in the dark as much as possible.” Yes, it’s likely these are targeted at a small number of people-like the Pegasus spyware attacks-but with limited details available, the only way to be sure is to upgrade.Īpple hasn’t said which cybercrime group or spyware company is abusing this bug, Paul Ducklin, a researcher at security firm Sophos writes. I always suggest applying important iPhone updates straight away-and iOS 16.1 is no exception since CVE-2022-42827 is being used in real-life attacks. What’s known about the iPhone security issue, CVE-2022-42827? ![]()
0 Comments
Leave a Reply. |