That doesn't mean you should skip the update, These two security issues, however, don't have that warning, which means that no known attacks have been reported. Usually, when such vulnerabilities have been exploited by threat actors, Apple mentions it in the security update documentation to educate users about potential risks. You can find the original reports by the security experts here: 1 and 2. The vulnerability was mitigated by improving some checks. an attack can cause an unexpected app termination or remote code execution. The other issue, filed as CVE-2022-40304, could have a similar impact, i.e. Apple says it fixed the issue by addressing an integer overflow through improved input validation. The first issue, which has been identified as CVE-2022-40303, could allow a remote user attackers to terminate an app or execute arbitrary code. So these vulnerabilities affect other operating systems as well, including Linux distros. According to the release notes published on Apple's website, both issues are related to libxml2, which is a library that is used for parsing XML and HTML files. The Cupertino company has credited three security researchers of the Google Project Zero team for discovering the vulnerabilities. What's new in macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |