iOS Users Urged To Update Device To Avoid WebKit Bug

Share post:

Apple urges all iOS users to update their systems immediately to avoid falling victim to a use-after-free vulnerability that could allow an attacker to execute arbitrary code on the victim’s device.

Use-after-free (UAF) attacks exploit a vulnerability in how applications manage dynamic memory allocation. Dynamic memory stores blocks of any size are quickly used and then released and are managed by headers that help apps understand which blocks are occupied.

In some cases, memory headers are not cleared properly. This is where a potential attacker can insert malicious code that is then picked up by another app and executed at the original buffer address.

In order to exploit this vulnerability, an attacker would need the victim to access a malicious web page that would compromise the device and allow the execution of arbitrary code.

All web browsers available on iOS, from Safari to Chrome to Firefox and beyond, use WebKit, making any iOS device potentially vulnerable. In addition, a number of macOS and Linux browsers use WebKit. Desktop browsers therefore also need to be updated.

According to Apple, the iPhone 6S and later, all iPad Pro models, iPad Air 2 and above, iPad 5th Gen and above, iPad Mini 4 and above, and iPod Touch seventh-generation devices can download Update 15.3. 1 for iOS and iPadOS.

For more information, read the original story in TechRepublic.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways