Overview: Multiple vulnerabilities have been discovered in Apple products. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs or view, change, or delete data.
Apple is aware that threat CVE-2022-22675 is currently being exploited in the wild.
- Safari prior to 15.5
- tvOS prior to 15.5
- Xcode prior to 13.4
- macOS Catalina prior to Security Update 2022-004
- macOS Big Sur prior to 11.6.6
- macOS Monterey prior to 12.4
- iOS and iPadOS prior to 15.5
- watchOS prior to 8.6
– Large and medium government entities: High
– Small government entities: Medium
– Large and medium business entities: High
– Small business entities: Medium
Th Multi State Information Sharing and Analysis Center (MS-ISAC) recommends the following actions be taken:
- Apply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources. Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Block execution of code on a system through application control, or script blocking.
- Restrict execution of code to a virtual environment on or in transit to an endpoint system.
- Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc., behavior.
I don’t know if understand technology. Just worried. If I use Chase banking app on an old iPhone (OS is up to date) am I at risk of someone stealing my money? TY
If your iOS is up to date at 15.5 you’re safe from this vulnerability.
Make sure you use Two-Factor Authentication on your Chase app (and any other app where there are money transactions or sensitive data, like Amazon, etc.). A VPN app will give you added protection by obscuring your IP address and location while encrypting your data. With a VPN app you can pick your geographical location almost anywhere in the world. Stick to the US unless you like your searches to show up in Swedish, for example!
Apparently, an apple a day will keep the doctor away, but it won’t keep the hackers away.
I remember, in the 80’s, viruses were called worms.
Fauci: “My recommendation is that everyone take the worm vaccine. That way, even if someone does catch the worm, it will feel like nothing more than a mild bug in his system.”
Interviewer: “Apparently, even Bill Gates is concerned about the worm, and he’s not even an Apple guy! He’s very big into the vaccine!”
Fauci: “That’s right! Because Bill Gates, with his Microsoft software, has plenty of experience with bugs, which is why he is a big advocate of the worm vaccine.”
Interviewer: “But Dr. Fauci, a worm is neither a bug or an insect!”
Fauci: “Well, I am not an Entomologist, so I wouldn’t know about that, but when you’ve had experience with bugs, like Mr. Gates has had with Microsoft, you realize it’s worth it to get the worm vaccine.”
Interviewer: “Dr. Fauci, thank you for your time. I’m sorry if I’m bugging you too much.”
Fauci: “No problem at all, I’ve already had the vaccines and the booster, so I’m not concerned about the bugs. Moreover, I’m so used to being bugged all day, that I’m already immune to it.”
Interviewer: “Thanx, Dr. Fauci. Next up, we’ll be discussing a brand new procedure that can permanently implant a facemask on your face. Don’t go away. We’ll be back in a few minutes.”
Fauci: “Can I go?”
Interviewer: “Of course you can.”
Thank you!i am not familiar with VPNapo of how to use it
@Steve… you’re a riot. Love it!
Shlomo it’s VPN app. Get one from the Apple store online.
Comments are closed.