Two more Apple bugs have reportedly been identified by privacy experts less than 10 days after it was revealed by the technology company that others had been affecting iOS 16. It has been discovered that security protections can be avoided by cybercriminals to then run venomous code that would allow them to access users' images, messages, address book and calendar.
Users can protect their personal information from hackers in several different ways, including not opening messages from unknown users and exclusively using trusted apps in the App Store. The new vulnerabilities were recently added by Apple to its product security page, encouraging users to downloads 16.3.1 to ensure the issues are patched, reports Mail Online.
The weaknesses, CVE-2023-23520 and CVE-2023-23531 were shared by privacy experts at VPNOverview, and allow cybercriminals to avoid the cryptographic signing process and run threatening code out of its ring-fenced security sandbox.
Christopher Bulvshtein, from VPNOverview, said in a statement: "Apple has stringent restrictions around what software can run on devices. Android, as an alternative, allows third-party app downloads, which is why we commonly see more Android malware. Part of these security measures involves all apps being 'signed' by an Apple developer certificate.
"Apps are also limited in the actions they can perform – effectively being kept within their 'sandbox.''
Other than the earlier named apps that the code would allow hackers to access, they could also spy on users using their own audio or video. Amid concerns, VPNOverview has shared pointers on how users can protect their personal information, which includes just using the trusted app because it has been reported that they collect more data than they should.
They have also advised that users do not trust unknown devices when connecting your iPhone. A notification appears on screen when you plug your smartphone into a computer for charging, and asks if the device should be trusted - VPNOverview have said you should always select 'don't allow'.
Users should also avoid clicking on likes or open messages from unrecognised senders and ensure their devices are always up to date with the latest operating system.
Subscribe here for the latest news where you live
The Homeland Security warning list had the previous vulnerabilities, which were identified earlier this month, added to it.
One issue is in Webkit, a Safari browser engine that allows hackers to execute an arbitrary code on an iPhone., which Homeland Security believes could have been exploited. Another security flaw in Kernel could enable a predator to control privileges, but the technology company does not know this has been used.
The period of time that the issues have been affecting devices is unknown.
For more stories from where you live, visit InYourArea.
