![]() To check which version of MacOS you have, choose About This Mac from the Apple menu and the operating system version number will appear near the top of the window that opens. If you have any questions or need more help, check our full guide to updating your Mac. If you have set MacOS to automatically download and install security updates, you might already have the latest version. If there are any system updates available, select the Update Now button to download and install the latest version. Just open System Preferences, then find and open the Software Update pane. Google reported a record number of active exploits in 2021 and predicted ongoing threats in 2022. Since these vulnerabilities have already been taken advantage of, it’s important to update as soon as possible to protect your Mac, iPhone, and iPad from malware and hacking attempts.Īpple isn’t the only tech company having trouble with zero-day vulnerabilities. When an app writes information or code to a memory address that it isn’t supposed to have access to, this is known as an out-of-bounds issue. The widespread reporting on the vulnerabilities could have influenced Apple to break its policy on providing security fixes for end-of-life devices - Apple has not commented on this explicitly, though.In both cases, Apple notes that the problem was resolved by improving bounds checks. It was a kernel-level code execution bug and the pair together garnered widespread attention from the world’s media given the severity of the potential outcomes.Īpple releases security updates for its devices usually, at least, every month so it’s not uncommon for users to skip an update or two due to the time it takes to download and install them on each device. The aforementioned WebKit vulnerability would have granted the necessary privileges to exploit the second. The second flaw, tracked as CVE-2022-32894, was a bug that required the attacker to gain an initial foothold on the target device to exploit it. It meant that nearly all devices could be exploited given the prevalence of in-app browser use, regardless of whether the user’s default browser was changed from Safari or not. The vulnerability was exploitable in any WebKit-enabled browser such as Safari and all in-app browsers on iOS and iPadOS. ![]() Reduce risk and deliver greater business success with cyber-resilience capabilities The first of these, tracked as CVE-20220-32893, was a remote code execution (RCE) flaw in WebKit, Apple’s proprietary browser engine.Ĭyber resiliency and end-user performance The Apple zero-days explained and analysedĪpple fixed two zero-day vulnerabilities, that may have been actively exploited in the wild, earlier in August. For example, Samsung offers four years of security updates ( five for enterprise devices) and other companies like Xiaomi offer no guarantees on the number of security updates they will provide users. The generally perceived average is that Android OS devices will receive three years of security updates. Other manufacturers in the Android ecosystem offer comparatively fewer updates for their devices. It can make the creation and management of security fixes easier but companies have drawn criticism over the practice which has been seen by some as a way of forcing users to pay for newer hardware sooner than needed.Īpple, however, is known to be one of the companies that offer the most amount of updates to older hardware with the current policy extending to iPhone 6 devices, released in September 2014 - eight years ago. It’s common for tech companies to decide when a device goes ‘end of life’ - the point at which it will no longer receive security updates. The exploitation of Meltdown would allow attackers to ‘melt’ the kernel-level restrictions on the chip’s hardware and potentially access highly sensitive protected data. The discovery of Meltdown was a significant one - Intel was the dominant chipmaker, for some time, in the PC and Mac market and the vulnerability was found to affect nearly every Intel chip from the previous 20 years. ![]() The last time it issued a backported fix for a major vulnerability was in 2018 when it updated older Macs to protect against the infamous Meltdown vulnerability affecting most Intel chips in use at the time of discovery.
0 Comments
Leave a Reply. |