Apple Warns of Two Vulnerabilities

Author

ACA Aponix

Publish Date

Type

Cyber Alert

Topics
  • Cybersecurity
  • Cybersecurity Resources
  1. Insights
  2. Apple Warns of Two Vulnerabilities

In Apple®’s latest software release update for iOS 15.6.1, they urge users to update their devices as soon as possible to avoid two known security issues with Kernel and Webkit. These two vulnerabilities could allow hackers to take complete control of a device. Apple has yet to disclose more detailed information about the vulnerabilities, as is their policy, until a full investigation is completed.

The security concerns impact the following devices:

  • iPhone 6s and later
  • iPad Pro (all models)
  • iPad Air 2 and later
  • iPad 5th generation and later
  • iPad mini 4 and later
  • iPod touch (7th generation)

To update your Apple device to the most secure iOS release, go to iPhone Settings > General > Software Update and download and install iOS 15.6.1.

Vulnerability update information

The first vulnerability iOS 15.6.1 addresses is for the iPhone Kernel application, tracked as CVE-2022-32894, that can allow an application to execute code with Kernel privileges from an unknown user.

The second vulnerability addressed by the iOS update affects Webkit, the browser engine behind Safari, tracked as CVE-2022-32893. The Webkit vulnerability could allow for hackers to produce maliciously crafted web content which could be used to produce harmful code.

Our guidance

The following steps can help your firm prevent issues from this and future vulnerabilities on Apple devices.

  • Alert your employees immediately of potential vulnerabilities
  • Push updates for the most recent software on all corporate Apple devices
  • Encourage employees to turn on automatic updates on their Apple devices to avoid missing important patches
  • Check all Apple devices, not just phones, for important updates

Click here for more information on enabling automatic updates for Apple products.

How we help

We can help your firm establish and maintain a cybersecurity program in-line with current regulations and industry standards. Our team can:

  • Develop and review written policies and procedures that meet your firm’s regulatory requirements and the latest industry standards
  • Assess your policies and procedures to confirm they accurately reflect the cybersecurity procedures currently in practice at your firm
  • Test your systems to identify network vulnerabilities and provide remediation recommendations

We also provide regulatory and cyber risk alerts and insights to help you stay current with cybersecurity, privacy, and regulatory trends and emerging threats.

For questions about this alert, or to find out how we can help you meet your regulatory cybersecurity obligations, please reach out to your ACA Aponix consultant or contact us below.

Contact Us

Related insights

2024 ACA Conference

Highlights From the 2024 ACA Conference

As the curtains close on the ACA Conference 2024, the echoes of transformative dialogue and insightful revelations resonate, shaping the trajectory of GRC in financial services.

News
  • Compliance
  • RegTech
  • Cybersecurity
  • ESG
  • Performance
  • Managed Services
  • SEC
cyber lock

Critical Vulnerability Detected in Palo Alto Networks' GlobalProtect Gateways

A popular firewall used in the financial industry is under attack due to a critital zero-day vulnerability. Firms that use Palo Alto Networks' firewall need to update their software to protect their systems.

Cyber Alert
  • Cybersecurity
abstract image with a lock and shield

Two Important Cybersecurity Alerts from CISA

The Cybersecurity and Infrastructure Security Agency (CISA) issued two advisories that require impacted firms to take immediate action.

Cyber Alert
  • Cybersecurity