- Two iOS Errors have been patched by Apple
- The problems could have made it possible for hackers to perform targeted attacks
- Geopolitical tensions have meant an increase in state -sponsored attacks
A new iOS software update has been released to pat on two security defects that, when exploited, allowed cyber criminal hacke specific target units in an “extremely sophisticated attack”, Apple has confirmed.
The vulnerabilities are in Coreaudio and RPAC and affected iOS, Tvos, Visionos and iPados – and were discovered by Apple and Google Threat Analysis Group (tag).
It has not yet been confirmed how many times these deficiencies were deployed, or against whom, but Google Tag’s focus is working to “counteract government -supported hacking and attacks against Google and our users” that suggest that exploitation was used by nation -state actors, or at least involved in some way.
Unknown victims
Adam Boynton, Senior Security Security Strategy Manager Emeia at Jamf, toldTechradar Pro The first vulnerability that was treated was an “actively exploited Coremedia error that could have allowed malicious code execution through the treatment of a media file,” and that Apple has mitigated this by “implementing improved boundaries.”
The other vulnerability determined by Apple could allow attackers with reading or writing access to side -point -Pinter approval, as Boynton told us, is “a security mechanism designed to withstand memory information attack -booking it allows an attacker to start attacks and access to parts of the device’s memory.”
“With the security rights in iOS 18.4.1, which addresses two zero-day vulnerabilities, it is important that all users immediately update their Apple devices,” Boynton.
“The fact that these two vulnerabilities are extremely sophisticated to exploit, explain why Apple has only observed attacks against specific, targeted individuals. However, the limited scope of these attacks should not deter users from updating their devices immediately.”
Nearly half of British companies report an “rising number” of state -sponsored threat actors in the last 12 months, and increased geopolitical tensions provide a hostile cyber security landscape. Patching known security errors are a first line of defense for all users and should be a priority for all security teams.
