Apple iPad, mac IOS vulnerable to malicious code execution
The Multi-State Information Sharing and Analysis Center (MS-ISAC) issued an advisory concerning Apple products. Multiple vulnerabilities have been discovered in Apple Products. The most severe security bug could allow for arbitrary code execution.
Affected operating systems include iOS 14.8.1 and iPadOS 14.8.1, macOS Monterey 12.0.1, macOS Big Sur 11.6.1, watchOS 8.1, iOS 15.1 and iPadOS 15.1, tvOS 15.1 as well as others.
“Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data,“ says the advisory.
Currently, there are no reports of these vulnerabilities being actively exploited. However, all affected systems should be updated as soon as possible.
All users should apply the principle of Least Privilege to all systems and services.
To help avoid exploitation by hackers, Apple products should be updated as soon as possible.
- Apply appropriate patches provided by Apple to vulnerable
- Set all software to run without using administer level privileges when possible
- Do not to download, accept, or execute files from untrusted and unknown senders or sites
- Do not use untrusted websites
- Do not click on links to untrusted or unknown sites or download
- Evaluate all requested permissions on all new software and apps