

Apple has released emergency security updates to fix vulnerabilities that can be exploited by cyberattackers to gain unauthorized access to iPhones, iPads, or Macintosh computers. The following products are specifically listed as having this vulnerability. All iPhone models 6S and later; iPad 5th generation and later; iPad Air 2 and.

The researcher who reported the vulnerability chose to remain anonymous. There could be a number of reasons for them doing so, including simply that they didn't want the attention that the report would have brought them. Potentially it could also be that the researcher works for a company or government organisation that was targeted through this vulnerability. If so, revealing that they knew about the attack - by attributing the disclosure to a name associated with the victim - could provide the attacker with some feedback about their offensive operation.

Alternatively, it could be that the vulnerability was reported by a Western government with a vulnerabilities equity process, such as the UK's National Cyber Security Centre, a part of GCHQ. It may have been that the security and intelligence agencies had a need to exploit the vulnerability, but having done so chose to disclose it to Apple so that it could be fixed.

This is why it is so important to install the latest security updates.

Within the cyber security world, the ability to execute code on a victim's device just by making them open a web page is extremely rare and powerful. As a simple matter of supply and demand, the exploit could have been purchased for a lot of money - and if so, then it would likely have been used to attack a high-value target.

Offensive cyber tools like exploits for serious vulnerabilities like this don't last forever. As soon as the vulnerability is discovered then the software vendor can begin developing a fix for it - and any attempt to exploit the vulnerability risks revealing that it exists. This limited time in which a vulnerability can be exploited also impacts the market dynamics for selling, purchasing and using such tools.

All of this means that before the vulnerability was discovered by Apple - when it was a "zero day" vulnerability because the vendor had zero days to develop the patch - it would likely not be used for general targeting. However now that the vulnerability is publicly known, it could be that criminals reverse engineer the security update and target members of the public who haven't yet updated their devices.
