Security News > 2023 > July > Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs
The second-ever Apple Rapid Security Response just came out.
The last point above is surprisingly important, given that Apple absolutely will not allow you to uninstall full-on system updates to your iPhones or iPads, even if you find that they cause genuine trouble and you wish you hadn't applied them in the first place.
That's because Apple doesn't want users to be able to downgrade on purpose to reintroduce old bugs that they now know can be used for jailbreaking devices or installing an alternative operating system, even on devices that Apple itself it no longer supports.
T]hey deliver important security improvements between software updates - for example, improvements to the Safari web browser, the WebKit framework stack or other critical system libraries.
Browsing on its own is meant to be comparatively low risk, given that the browser itself is supposed to programmed to shield you from immediate harm.
Depends on the browser not having any security bugs through which booby-trapped content could circumvent the browser's own security shields and subject you to what's jocularly known as a drive-by install or a look-and-get-pwned attack.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Fraudsters imprisoned for scamming Apple out of 6,000 iPhones (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Palo Alto Networks tackles firewall-busting zero-days with critical patches (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)