Apple Fixes Dangerous iOS Zero Days After Threats Against Targeted Individuals
A new iOS software update has been released to patch two security flaws that, when exploited, allowed cybercriminals to hack specific target devices in an “extremely sophisticated attack,” Apple has confirmed. The vulnerabilities are in CoreAudio and RPAC, and affected iOS, tvOS, visionOS, and iPadOS - and were discovered by Apple and the Google Threat Analysis Group (TAG).
The threats against targeted individuals have raised concerns about the involvement of nation-state actors or at least some level of government backing. The Google TAG's focus is on working to “counter government-backed hacking and attacks against Google and our users,” suggesting that the exploits were used in these sophisticated attacks.
Security Flaws Explained
The two security flaws addressed by Apple are an “actively exploited CoreMedia flaw” and a vulnerability in Pointer Authentication. The first flaw, according to Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf, could have allowed malicious code execution through the processing of a media file.
Apple has mitigated this issue by implementing improved bounds checking. The second vulnerability fixed by Apple is related to Pointer Authentication, which is a security mechanism designed to resist memory disclosure attacks. Bypassing it gives an attacker the opportunity to launch attacks and access parts of the device’s memory.
Expert Advice
"With the security fixes in iOS 18.4.1 addressing two zero-day vulnerabilities, it is essential that all users immediately update their Apple devices," Boynton emphasized. “The fact that these two vulnerabilities are extremely sophisticated to exploit explains why Apple has only observed attacks against specific, targeted individuals. However, the limited scope of these attacks should not deter users from updating their devices promptly."
Business Implications
Patching known security flaws is a first line of defense for all users, and should be a priority for all security teams. Almost half of UK businesses report an “increasing number” of state-sponsored threat actors in the last 12 months, and elevated geopolitical tensions make for a hostile cybersecurity landscape.
Stay Ahead with Credit Monitoring
If you're concerned about your digital security, consider monitoring your credit score with TransUnion starting at $29.95/month. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile.
Get the Latest Tech News
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features, and guidance your business needs to succeed!