EFFECTED USERS: Every iPhone, iPad and Macbook Users.  Possibly Apple TV and other Apple Users.

Hair of fire 5 of 5

SUMMARY: UPDATE NOW!! Very Serious vulnerability on multiple apple devices

A hacker can control your iPhone, iPad or Macbook.

What to do: Check for updates:

Apple or iPad:

1. Settings App.
2. Top of third section: tap ‘General”
3. Second from top: “Software Updates”
4. It Should say: “iOS is up to date.” If not, follow prompts to complete the update.

Macbook:

1. Click the Apple icon in the extreme top-left corner (it is always there, unless you are running an app on full screen.
2. Click ‘About this Mac, at the top of the drop-down menu
3. In the dialogue box that appears, click the button near the bottom-right which says “Software Update”
4. You should see the words, “Your Mac is up to date.” If not, follow prompts to complete the update.

WHY?

According to Apple:

Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

– Apple, Inc. https://support.apple.com/en-us/HT213414

That’s bad. Remote code execution means that a program running outside of your phone can tell your phone what to do.

Think of it like a castle: tall walls, lots of defenses and a king/queen inside giving orders.

Imposter enters, dressed like the king/queen and starts giving orders, too.

Common Vulnerability and exposure numbers: CVE-2022-32894 & CVE-2022-32893

REFERENCES  

[1] https://support.apple.com/en-us/HT201222

[2] https://www.bleepingcomputer.com/news/security/apple-releases-safari-1561-to-fix-zero-day-bug-used-in-attacks/

[3] https://nvd.nist.gov/vuln/detail/CVE-2022-32894

That’s all the time we have!

Don’t forget to check out our sponsor, and home of my day-job: SAFE Classroom, at http://www.thesafe.io

Thanks for listening