Tracked as CVE-2022-32894, the first vulnerability the update is set to fix sits in the iPhone kernel – the core of the operating system – and could allow an application to execute malicious code with kernel privileges, which grants unauthorised and undetected access to the device.
The second issue patched in iOS 15.6.1 is a flaw in WebKit – the browser engine which powers Safari. Known as CVE-2022-32893, successful exploitation of this vulnerability could allow a threat actor to achieve arbitrary code execution if the target visits a maliciously crafted website. Again, this could provide complete control over a user’s device.
In the most extreme attacks, perpetrators use two or more issues in conjunction to successfully infiltrate protective barriers. And, as has been seen with this example, it’s not uncommon for cyber criminals to break into the device's browser engine – such as WebKit – as a means to enter the wider operating system and access sensitive personal data.
How do zero-day attacks work?
A zero-day attack occurs when hackers exploit a security flaw in software before its developers have had the opportunity to address it.
Because the vulnerabilities are not always discovered immediately, they can cause long-lasting effects for individuals and organisations alike – not least due to the fact that the only people who know about the zero-day attack are the perpetrators themselves.
Not only can exploits get sold on the dark web for significant sums of money, but attackers can also decide to sit and wait for the most opportune moment to strike rather than infiltrating a network immediately.
What does this mean for the future of security?
While, naturally, this news has caused concern for individuals and organisations across the globe, Apple’s rapid response to the incident showcases exactly why proactive patch management is the key to creating – and maintaining – more robust security infrastructure.
Because attacks are becoming increasingly sophisticated, and cyber criminals are constantly on the lookout for vulnerabilities to exploit, software developers and IT teams must equally keep a sharp eye out for any abnormalities that require attention.
But it’s not just up to the professionals to be proactive – users of any affected devices must also be quick to implement necessary updates as and when they become available, to mitigate the consequences of an attack.
There’s no denying that such vulnerabilities will continue to occur – both in Apple products and within other software – but maintaining a proactive approach to patch management, and keeping sight of emerging updates, will no doubt maximise the security posture of individuals, as well as organisations large and small.
We provide patching services to firms within both the public and private sectors. If you'd like to find out more about how we can help your company, please don’t hesitate to contact a member of the Central team.
We’re always here to help.
Central Networks are a strategic technology partner. Excellent technology is a given; customer service, trust and long-term relationships are what drive our business. We support CEOs, Heads of IT, IT technicians and transformation directors to ensure technology provides an edge to their organisations.