Apple’s new iOS 16.6.1, iPadOS 16.6.1, watchOS 9.6.2 and macOS Ventura 13.5.2 updates fix two dangerous vulnerabilities that have been exploited in the wild.
Having to authenticate yourself with a passcode or even Face ID or Touch ID just to use your device after a respring is an inconvenience that only jailbreakers typically ever have to experience. But with the MacDirtyCow and kfd exploits bringing add-ons to non-jailbroken firmware, even non-jailbreakers are putting up with the added inconvenience these days.
Every year, there are handful of meets around the world where experienced hackers can speak and share their knowledge with others to forward the essential skill that is security research.
The kernel file descriptor (kfd) exploit that grants kernel memory read and write privileges on firmware up to and including iOS & iPadOS 16.6 beta 1 is already being used to modify system files like the MacDirtyCow exploit was on iOS & iPadOS 15.0-16.1.2. But what about jailbreaking?
Interesting news arose this weekend after @exploit3dguy shared what appears to be a successful blackbird exploit-based firmware downgrade on an iPhone 6s to iOS 10.0.1 with fully working passcode functionality.
The kernel file descriptor (kfd) project that made rounds this past weekend because of its ability to achieve kernel read and write on firmware up to and including iOS & iPadOS 16.5 is becoming even more famous as iOS developers devise new and unique ways to take advantage of it.
iOS 16.6 and other Apple updates bring security fixes for many vulnerabilities, including ones that have been actively exploited in the wild.
The latest development in iPhone and iPad security research this week saw @_p0up0u_ Tweeting a link to a GitHub project for achieving read and write to kernel memory on Apple devices called kernel file descriptor (or kfd for short).
TikTok for iPhone is bringing support for passkeys, a secure authentication method that uses Touch ID or Face ID instead of prompting you to enter passwords.
Learn how to protect private documents on your iPhone, iPad, or Mac from prying eyes by locking them with Face ID, Touch ID, or device passcode.
Apple has temporarily pulled the latest Rapid Security Response update due to a bug preventing some websites from working correctly in Safari.
Apple has released a new Rapid Security Response update for the iPhone, iPad and Mac to fix an actively exploited vulnerability discovered in its WebKit engine.