back to article Apple patches exploited bugs in iPhones plus other holes

Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, and Apple TV and watches, and warned that some of these bugs have already been exploited. Here's a quick list of all of the security updates released late on Monday afternoon: Safari 16.6 iOS 16.6 and iPadOS 16.6 iOS 15.7.8 …

  1. Ace2 Silver badge

    I’ve asked this before and still don’t get what the concern is: What is the attack vector for tvOS? How would you get your malware code to run on it?

    The only thing I use mine for is a few streaming apps.

    Could YouTube ads be an issue? Surely they don’t allow js in tvOS ads.

    1. Clausewitz4.0 Bronze badge
      Black Helicopters

      "Could YouTube ads be an issue? Surely they don’t allow js in tvOS ads."

      I don't own tvOS, but ads, browsing the web or apps supporting iframes/web content (a lot), are a well know exploit vector - being used quite effectively by malware writers a few years ago. But today, federal, intel agencies and the military took over the market. Everything is more expensive.

    2. doublelayer Silver badge

      I don't know what you can do with an Apple TV, but if it can be used to browse the web, watch content rendered by a browser of some sort, or receive messages, then there are some attack vectors. It might be something as simple as TV OS being basically the same as IOS with a different frontend (as I recall, a while ago they didn't bother having separate names and called it IOS), so if they patch one they are going to patch the other to keep the codebases in line.

      1. Anonymous Coward
        Anonymous Coward

        Most of the AppleTV apps are web apps

        And like all of their platforms, you have to use the Safari/webkit core for your rendering engine.

        The next part is that hostile content needs to be served from somewhere the TV is loading. Ads are an obvious avenue, as would watering hole attacks on the servers hosting popular content, I'd go after the second tier apps for things like news channels.

        What I would be more worried about is one of the developer libraries the apps link to going evil. There are too many shady "telemetry" frameworks in these things, and most of these devs don't seem to be doing due diligence their tools. So if one of these tools goes bad, hundreds or thousands of Apps could start telling their clients to request content from anywhere, triggering an attack based on a fault like this.

        So even on devices people don't use to browse the browser can still be attacked.

    3. DS999 Silver badge

      I don't think that it is as important to patch

      But it is the same codebase so it gets all the same fixes as part of the update - they would have to go out of their way to NOT patch security issues in it that are being patched for iOS.

      They don't release the fast response patches for it like they do iOS & iPadOS, just the "regular" updates.

      It would be a lot harder to attack and a lot less valuable if p0wned so I doubt anyone is out there actively trying to hack it. I suppose you'd get a foothold into someone's internal network that way, but it is much easier to do by attacking wireless routers that are generally not kept up to date. Especially once they are a few years old and any automated vendor patching has run its course.

    4. Marty McFly Silver badge

      Same threat vector as a remote controlled LED lightbulb. Compromise the device and then go after the real targets on the internal network.

  2. Johnb89

    Its also the not-early adopters

    The long list of effected ios devices I think is the list of devices that won't take ios16.

    For those that choose not to have ios16 because it isn't done yet, we are stuck... apple don't release patches for ios15 (or 14 etc).


    1. Sandtitz Silver badge

      Re: Its also the not-early adopters

      "apple don't release patches for ios15 (or 14 etc)"

      iOS 16 has worked well for all iPhones in my household, what's the issue you are having?

    2. DS999 Silver badge

      Re: Its also the not-early adopters

      Did you miss the list of patches in the article where they showed patches for iOS 15.x (15.7.8) are also available? Patches for iOS 14 are irrelevant, there are no devices that can run 14 but not 15. If you "choose not to run" 15 on something capable of running it when it has been out for almost two years then that's your own damn fault.

      We'll have to see if they make patches available for iOS 12 to help out those still using iPhone 5S and 6. They last patched iOS 12 in January so they might but I guess it isn't clear whether iOS 12 is affected by the issue that's believed to be under active exploit.

      1. Johnb89

        Re: Its also the not-early adopters

        Did you miss the part where I said 'devices that can run ios16 but we choose not to run ios16'? I didn't say choose not to run 15.

        1. DS999 Silver badge

          Re: Its also the not-early adopters

          And I said there was a patch for iOS 15.

          If you have a device capable of running iOS 16 and you are not only not running iOS 16 but not running iOS 15 then you don't deserve any sympathy for not getting security patches.

      2. gnasher729 Silver badge

        Re: Its also the not-early adopters

        There’s always the possibility that a bug in ios13-15 doesn’t actually exist or doesn’t work on ios12. Or that an exploit is not trivial and must be handcrafted for each target to be attacked, and no attack for ios12 was written.

  3. FlamingDeath Silver badge

    Trillion dollar company

    What does that even fucking mean?

    It just means they managed to sell more junk than their competitors.

    As for amnesty international, I wouldn’t trust them in the slightest, just another slimy spook infested organisation

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like