Apple recently uncovered a serious security vulnerability, affecting all of their recent and previous operating systems such as iOS, iPadOS, macOS, and tvOS. We can refer to these flaws as CVE-2023-28205 and CVE-2023-28516. The combination of these issues enables the attackers to run arbitrary code and do anything with the compromised device, including the theft of personal information, crypto assets and application passwords.

The main problem that lies behind this insecurity is the use of WebKit engine as the foundation for the Safari browser. It is the only engine used by Apple’s mobile operating systems and it is possible to use it to break into a device without any active user activity - so called “zero-click” attack.

Apple has been working hard in responding to this issue, releasing updates for a plethora of devices and versions. In the meantime, all kinds of technology giants have been under stress regarding security, as growing numbers of hackers become savvier.

The gravity of the security problem was made clear on January 14th when a person mistakenly downloaded malware from a Google Adwords search result. Such a consequence ended up with the user losing all their nonfungible tokens and crypto assets.

This case warns us of the harmful results of insufficient security and alerts us to the need of taking security measures in our devices and to be cautious with whatever clicks we make. All of us should be aware of security vulnerabilities and take the necessary steps to keep our property and data safe.



Other News from Today