(844) 627-8267
(844) 627-8267

How New Zero-Day Flaws Leave Your iPhone Vulnerable to Hackers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

One click can expose your data

sasha85ru / Getty Images

Malware on a smartphone.

Fact checked by Jerri Ledford

  • iPhone users should update their devices to protect against newfound vulnerabilities.

  • The zero-day exploits may have originated with Russian spy agencies.

  • You should configure your software and firmware to install updates automatically.

<p>sasha85ru / Getty Images</p> Malware on a smartphone.

sasha85ru / Getty Images

Malware on a smartphone.

If you haven’t already done it, you need to update your iPhone, pronto.

Apple has released patches for iOS vulnerabilities that hackers could use to install spyware on your phone. The newly discovered problems are among the most troublesome for computers.

“These vulnerabilities are called zero-days because you have zero days to fix them,” Ryan Montgomery, the co-founder of Pentester, told Lifewire in an email interview. “They are bugs that are unknown to the vendor. Apple’s security team is top-notch, but as you can see, some organizations and nation-states don’t take time off.”

Fixing Zero-Day Flaws

If you have an iPhone 8 or newer, you can download the OS 16.5.1 update, which patches a security problem flaw that lets unauthorized users access data stored on your iPhone. The vulnerability was first spotted in Russia, where Russian government officials have had their iPhones infected with spyware.

“The kernel-level bug (CVE-2023-32434) allows an attacker to execute arbitrary code with kernel privileges,” Josh Amishav-Zlatin, the CEO of the cybersecurity firm Breachsense said in an email to Lifewire.” Likewise, the WebKit bug (CVE-2023-32439) allows for the execution of arbitrary code while processing malicious web content. In other words, malicious users could exploit these flaws to run any code of their choosing on their target’s device.”

Bad actors can exploit these weaknesses to gain complete remote access to your device and the sensitive information it contains, Boyd Clewis, the Vice President and Chief Information Security Officer at Baxter Clewis Consulting, said in an email to Lifewire.

“Unfortunately, these exploits are not uncommon in the tech industry, as even human-developed software can be prone to flaws and vulnerabilities,” he added. “Though companies work diligently to release security patches, zero-day exploits continue to be discovered frequently and are often not disclosed publicly.”

These newly patched Apple iOS vulnerabilities are especially dangerous as they are zero-click, meaning the malware requires no user action to make a security mistake, Aviral Verma, team lead of operations at Securin, said in an email. The spyware could simply implant itself onto iPhones through an iMessage embedded with an exploit for the kernel arbitrary code execution vulnerability.

Though companies work diligently to release security patches, zero-day exploits continue to be discovered frequently and are often not disclosed publicly.

“With technology becoming such an inseparable part of everyone’s daily lives, it’s aggressively being targeted, meaning zero days are becoming more common,” Verma said.

From 2019 and prior, zero-day exploits stayed below a count of 33 each year, Verma pointed out. In 2020, there were only 30 zero-days exploited. That number rose exponentially in 2021 with a whopping 80 zero-day exploits. In 2022, it was 55, and they’re still racking up for 2023.

“Apple itself hasn’t been the victim for the first time, with the FORCEDENTRY zero-day exploits previously used to deploy the infamous Pegasus Spyware,” he added. “In fact, these are the ninth zero-days patched by Apple in 2023. The GoAnywhere & MOVEit zero-day exploits this year have been used by ransomware gangs such as Cl0p to cause widespread havoc over critical infrastructure industries, including healthcare, IT, and financial services.”

How to Protect Against Malware

As dangerous as vulnerabilities can be, experts say there are ways to secure your data. For starters, ensure your device is always kept up-to-date with the latest software patches to reduce the risk of sensitive data being compromised, Clewis said. “Additionally, whenever possible, utilize multi-factor authentication on apps that house sensitive information like banking or medical history,” he added.

<p>Tero Vesalainen / Getty images</p> Locked smartphone sitting on an open laptop.

Tero Vesalainen / Getty images

Locked smartphone sitting on an open laptop.

Install and maintain reliable antivirus and anti-malware software and pay for it, suggested Robert Siciliano, the CEO of ProtectNowLLC.co, in an email. He said that antivirus solutions could detect and block known threats, providing an additional layer of defense against potential zero-day exploits.

“They may not specifically address the zero-day, but they generally catch up in short order,” he added.

Also, Siciliano said you should configure your software and firmware to install updates automatically. This way, you can ensure you’re promptly receiving security patches and security updates as they become available.

Be cautious and use various virus-scanning plugins when visiting unfamiliar websites or downloading files from untrusted sources. Malicious websites or downloads can sometimes exploit zero-day vulnerabilities.

“Stay vigilant and take the necessary precautions to safeguard your digital life,” Clewis said.


Click Here For The Original Story From This Source.

National Cyber Security