Two critical security gaps in iOS devices threaten users - Apple even warns of attacks and offers an update to 14.4. Tim Berghoff from G DATA classifies the incident.
Apple is currently warning of an actively exploited security gap in its iOS operating system - this means that attacks are already taking place against users. The security flaws can be found in the kernel and in Apple's own “Webkit” technology, which is used to display Internet pages. The Webkit vulnerability can also be exploited remotely. All iPhone devices from version 6 are affected. Apple recommends updating to iOS 14.4.
"It is absolutely rare for Apple to warn of actively exploited security problems," says Tim Berghoff, G DATA Security Evagenlist. “With the kernel and webkit, two highly critical components of the operating system are also affected. So users shouldn't wait for the automatic updates, but take action themselves immediately. "
Extended permissions and remote code execution
The problem in the iOS kernel described by Apple enables an app to extend its own permissions. In this way, attackers can access data that the app would not actually have access to, thereby circumventing the protective mechanisms of the operating system. "The Webkit vulnerability even enables code to be executed remotely - a security vulnerability couldn't be much more problematic," says Berghoff. "In the gray market for security vulnerabilities, millions of dollars are paid for such exploits."
Smartphones are a popular target
Due to the large amount of personal data stored, smartphones are a very popular target for cyber criminals. Apple provides its devices with security updates for a very long time, so users don't have to worry much at this point. In comparison, cheap Android devices in particular are often only supplied with patches for a short time - users are then left without protection against current dangers.
More on this at GData.de
About G Data With comprehensive cyber defense services, the inventor of the anti-virus enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: With over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a “no backdoor” guarantee with the “IT Security Made in Germany” seal of trust from TeleTrust eV. G DATA offers a portfolio from anti-virus and endpoint protection to penetration tests and incident response to forensic analyzes, security status checks and cyber awareness training to defend companies effectively. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are part of the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.