I-Apple ekugcineni ikhiphe imininingwane eyengeziwe ngezibuyekezo ezingaqondakali inkampani eziphusha buthule ngesonto eledlule ku-iOS ne-iPadOS 17.4.1.
Njengoba kuvela, ikheli lezibuyekezo a ubungozi obusha kumasistimu okusebenza afanele avumela umhlaseli okude ukuthi asebenzise ikhodi engafanele kuma-iPhone nama-iPads athintekile.
Imikhiqizo ye-Apple iOS ne-iPadOS ethintwa umtapo wolwazi osengozini ihlanganisa i-iPhone XS futhi kamuva, i-iPad Pro 12.9-intshi isizukulwane sesibili futhi kamuva, i-iPad Pro 11-inch isizukulwane sokuqala futhi kamuva, isizukulwane sesithathu se-iPad Air nakamuva, kanye nesizukulwane sesihlanu se-iPad mini nakamuva. . Abasebenzisi balawa madivayisi banganciphisa ubungozi obuvela ebungozini obubizwa ngokuthi I-CVE-2024-1580 ngokufaka izibuyekezo ezintsha ze-iOS ne-iPadOS.
I-Apple Out-of-Bound Bhala Inkinga
I-CVE-2024-1580 isukela odabeni oluphuma ngaphandle kwemingcele ku-dav1d AV1, umtapo wolwazi ovulekile wokuqopha ividiyo ye-AV1 kumadivayisi amaningi nezinkundla. Izingxenye ezimbili ze-Apple iOS kanye ne-iPadOS ezithintwa ukuba sengozini uhlaka lwayo lwe-Core Media lokucubungula idatha ye-multimedia kumapulatifomu ahlukahlukene we-Apple, kanye nokuqaliswa kwe-WebRTC yenkampani ekusekeleni ukusakazwa kokuphakelayo komsindo nevidiyo bukhoma kuzinhlelo zokusebenza zeselula.
Ngaphezu kokubuyekeza i-iOS ne-iPadOS, i-Apple kuleli sonto iphinde yakhipha izibuyekezo zokubhekana ne-CVE-2024-1580 kweminye imikhiqizo, okuhlanganisa Isiphequluli sewebhu seSafari, i-macOS I-Sonoma futhi I-Ventura, kanye nalo umbonoOS isofthiwe ye-headset yenkampani entsha ye-Vision Pro. Ukuvuselelwa kwe-Apple kuza ngemuva kwamasonto ambalwa inkampani ikhiphe i-iOS 17.4
U-Apple uncome umcwaningi eqenjini le-Google elizingela iziphazamisi ze-Project Zero ngokuthola nokubika ubungozi enkampanini.
Iphutha okungenzeka Liyingozi?
Umcwaningi wezokuphepha uPaul Ducklin uhlonze eka-Apple ukungabaza ukukhipha imininingwane yephutha ngesonto eledlule njengophawu lokuthi inkampani kungenzeka ihlole iphutha njengeliyingozi.
"Siyaqagela, ekuthuleni okunenjongo kwe-Apple ngesikhathi kuphuma izilungiso zokuqala ngesonto eledlule, ukuthi i-CVE-2024-1580 bug ithathwe njengeyingozi ukuyibhala ngaphambi kokuthi kushicilelwe iziqephu zamanye amapulatifomu, ikakhulukazi ama-macOS," wabhala eposini le-blog.
Iphinde iphakamise ukuthi inkampani ibheka ngisho nemininingwane eyisisekelo eyikhiphe ngoMashi 26 mayelana ne-CVE-2024-1580 njengokunikeza abalingisi abasabisayo nabacwaningi imininingwane eyanele yokuhlehlisa isibuyekezo futhi ithuthukise ukuxhashazwa okusebenzayo, kusho uDucklin. Weluleke abasebenzisi nezinhlangano ezisebenzisa amadivaysi athintekile ukuthi zithuthukele ngokushesha ezinguqulweni ezintsha ze-iOS, iPadOS, macOS, nezinye isoftware ethintekile.
I-Google ihlole isiphazamisi njengenkinga yobunzima obumaphakathi enobunzima bokuhlasela okuphezulu, iphawula ukuthi umhlaseli uzodinga amalungelo asezingeni eliphansi ukuze axhaphaze isiphazamisi, kodwa uzodinga ukufinyelela kunethiwekhi yendawo noma abe seduze nesistimu esengozini ukuze aphumelele.
Iziphazamisi ezintathu ze-Apple Zero-Day ... Kuze kube manje
Kuze kube manje ngo-2024, izimbungulu ezintathu kwezine zezinsuku eziyiziro iGoogle ezifakile kusipredishithi seProject Zero zihlobene ne-Apple. Izimbungulu ezintathu zihlanganisa I-CVE-2024-23222, isiphazamisi sokwenza ikhodi ekude enjini yesiphequluli se-WebKit ye-Safari, kanye I-CVE-2024-23225 kanye ne-CVE-2024-23296, ubungozi obubili be-kernel ku-iOS abahlaseli abebesebenzisa kanzima ekuhlaselweni kwabasebenzisi be-iPhone ngaphambi kokuthi i-Apple ikulungisele.
I-Google ayizange iphendule ngokushesha esicelweni Sokufunda Okumnyama ukuze uthole ulwazi olwengeziwe mayelana nokusebenziseka kwephutha noma ukuthi abacwaningi be-Project Zero babone noma yimuphi umsebenzi wokuxhaphaza oqondise iphutha endle.
Usuku lwesine oluyiziro i-Google enalo kusipredishithi se-Project Zero sika-2024 I-CVE-2024-0519, isiphazamisi senkohlakalo esihlaselwe ngokukhuthele ku-Chrome inkampani eyasichibiyela ezinsukwini ngaphambi kokuthi i-Apple idalule i-WebKit Safari yayo yosuku oluyiziro.
- I-SEO Powered Content & PR Distribution. Khuliswa Namuhla.
- I-PlatoData.Network Vertical Generative Ai. Zinike Amandla. Finyelela Lapha.
- I-PlatoAiStream. I-Web3 Intelligence. Ulwazi Lukhulisiwe. Finyelela Lapha.
- I-PlatoESG. Ikhabhoni, I-CleanTech, Amandla, Environment, Ilanga, Ukuphathwa Kwemfucuza. Finyelela Lapha.
- I-PlatoHealth. I-Biotech kanye ne-Clinical Trials Intelligence. Finyelela Lapha.
- Source: https://www.darkreading.com/endpoint-security/apple-security-bug-opens-iphone-ipad-rce
