iSPY: More Apple bugs found giving cybercriminals access to images and messages on iPhones – here are ways to protect your personal data
Privacy experts have identified two more Apple bugs in less than 10 days after the tech giant revealed other iOS 16 issues.
The latest discovery allows cybercriminals to bypass security and run malicious code to access users’ images and messages, along with the address book and calendar.
There are several ways to protect your personal information from hackers lurking in the shadows, such as using only trusted apps in the App Store and not opening messages from unknown users.
Apple recently added the new vulnerabilities to its product security updates page and is urging users to download iOS 16.3.1 to fix the issues.
More Apple vulnerabilities have been found. This gives attackers access to personal information such as photos, messages and calendars
Privacy experts at VPNOverview shared news about the vulnerabilities, CVE-2023-23520 and CVE-2023-23531, which allow attackers to bypass this cryptographic signing process and execute malicious code from within the shielded security sandbox.
Christopher Bulvshtein, of VPNOverview, said in a statement: “Apple has strict restrictions on what software can run on devices. Android allows third-party app downloads as an alternative, which is why we often see more Android malware.
Part of these security measures is that all apps are ‘signed’ by an Apple developer certificate.
“Apps are also limited in the actions they can perform – in effect, they are kept within their ‘sandbox’.”
These vulnerabilities allow cybercriminals to access calendars, addresses, photos and videos, and stored files.
Hackers may be able to spy on users using their own audio or video capabilities.
VPNOverview has shared tips on how to protect your personal information.
The tips only include using the trusted app, as there are examples of it collecting more data than it should.
Apple and security experts urge users to update their iPhones to prevent hackers from stealing their personal information
A tip to keep your device safe is not to trust unknown devices when connecting your iPhone
Another does not trust unknown devices when connecting your iPhone.
When you connect your smartphone to a computer for charging, a notification appears on the screen asking if the device should be trusted – always select ‘don’t allow’.
VPNOverview also urges users not to click likes or open messages from unknown senders and to keep their devices updated with the latest operating system.
The previous vulnerabilities, identified earlier this month, were added to the Homeland Security alert list.
One of the problems is in Webkit, a Safari browser engine that allowed bad actors to run arbitrary code on an iPhone, and Homeland Security believes it may have been exploited.
The second vulnerability in Kernel could allow an attacker to seize privileges, but the tech giant is unaware that this has been used.
It’s unclear how long the vulnerabilities will plague devices.
Apple says it “does not disclose, discuss, or confirm security vulnerabilities until an investigation has been made and patches or releases are available.”
Apple’s release notes reveal that the iOS 16.3.1 update also includes multiple bug fixes, addressing iCloud and Siri issues, along with more Crash Detection optimizations.
The initial release of iOS 16.3 was in June, which allows users to make silent calls with Emergency SOS and offers enhanced two-factor security and advanced data protection.
Apple’s Emergency SOS service has been upgraded to ring silently if you enable the feature via a slider option (useful in situations where an attacker may be present).
It’s an option you enable so that when you make an SOS call through the Emergency SOS service, the phone doesn’t flash or count down.