Apple this weekend released the iOS 15.3.1 and iPadOS 15.3.1 system updates for iPhones and iPads, with a critical focus on fixing a security breach that exploits the Webkit component – the engine responsible for displaying websites.
The vulnerability, known as “Zero Day”, allows attackers to infiltrate the device easily, similar to the “Pegasus” spyware of the Israeli offensive cyber company NSO. The vulnerability is based on vulnerabilities in software and operating systems that have not yet been discovered (hence the name “day zero”), and have probably not been addressed or shut down.
The company’s official website about the security update states that “processing a maliciously crafted file may result in arbitrary code execution.” The company’s website further states that “a malicious application may be able to obtain base permissions, and Apple is aware of a report that this problem may have been actively exploited.”
The update is available for iPhone 6s and above, iPad Pro (all models), iPad Air 2 or later, iPad 5th generation or later, iPad mini 4 or later and iPod Touch (7th generation). To update your device click on “Settings”> “General”> “Software Updates”.
“The new vulnerability discovered in iOS is exploited by processing content that originates from the browser and contains malicious content that can lead to remote code execution on the device – thus enabling operations without the user’s knowledge,” says Sahar Avitan, CEO and owner of Kayran.
“After the release of Apple’s report, attackers have already begun exploiting the vulnerability in outdated devices. Similar to NSO’s Pegasus, an application belonging to Apple has been used here. It is important to remember that companies release security updates, To prevent future harm. ”