Latest news with #WebKit


Forbes
13-05-2025
- Forbes
Apple Issues iPadOS 17.7.7, Urgent Update For Older Devices
Apple has released iPadOS 17.7.7 for users that can't update to iPadOS and iOS 18.5. The iPadOS 17.7.7 update is a big one, because it includes fixes for 29 security vulnerabilities, some of which could have a serious impact if exploited. Apple doesn't provide much detail about what's fixed in iPadOS 17.7.7, because the iPhone maker always gives time for users to upgrade before attackers can get hold of the technical information. But what we do know is, iPadOS 17.7.7 fixes a number of flaws in WebKit, the engine that underpins the Safari browser, the worst of which is a type confusion issue that could lead to memory corruption, tracked as CVE-2025-24213. Meanwhile, an issue in StoreKit could see an app able to access sensitive user data and a flaw in Weather could allow a malicious app to read sensitive location information. Apple's iPadOS 17.7.7 also squashes a serious bug in Security that could enable an app to access associated usernames and websites in a user's iCloud Keychain. At the same time, the iPad upgrade patches three flaws in the Kernel at the heart of the iPadOS operating system, the worst of which could see an app able to leak sensitive kernel state. Thankfully, none of the issues fixed in iPadOS 17.7.7 have been used in real-life attacks. According to Apple, iPadOS 17.7.7 is for iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch and iPad 6th generation. If you own any other newer iPad, you need to update to iPadOS 18.5 to be covered for security upgrades. The more eagle-eyed among you may have noticed that Apple used to release an iPhone update alongside iPadOS 17 updates, for users of older iPhones. Sadly, this is no longer the case. It appears that Apple has stopped offering the choice of whether to upgrade to its latest and greatest operating system, iOS 18, if your device is capable of updating.
Many of the flaws patched in iPadOS 17.7.7 are serious, so it's a good idea to apply the update to any older iPads now. Newer devices must upgrade to iOS and iPadOS 18.5. Go to Settings > General > Software Update and download and install iPadOS 17.7.7 as soon as possible.


India Today
03-05-2025
- Business
- India Today
No Google, no Firefox? Firefox may disappear without Google search deal, Mozilla warns
In the wake of a landmark antitrust case in the US against Google, concerns are mounting over the potential consequences of proposed remedies aimed at curbing Google's dominance in the search engine market. The US Department of Justice (DoJ) is pushing for a series of sweeping measures, including a possible forced sale of Google's Chrome browser. Responding to these developments, Google CEO Sundar Pichai warned that dismantling Chrome could effectively kill off Google Search in its current form. Now, Mozilla — the organisation behind Firefox — has voiced its own alarm, stating that it could be driven out of business if the court implements all the DoJ's proposed very frightening,' said Mozilla's Chief Financial Officer Eric Muhlheim during testimony on Friday, as reported by The Verge. He explained that Firefox relies heavily on revenue from its partnership with Google, which pays to be the default search engine on the browser. This deal accounts for around 85 percent of Mozilla's income and roughly 90 percent of the revenue for its for-profit subsidiary, which supports the broader non-profit Mozilla this funding were to disappear, Mozilla would need to implement 'significant cuts across the company,' according to Muhlheim, including scaling back product engineering efforts for Firefox. He cautioned that these reductions could trigger a 'downward spiral,' diminishing the browser's appeal and potentially resulting in its collapse. Such an outcome would also jeopardise Mozilla's broader initiatives, including its development of open-source tools and projects focused on leveraging AI to address climate He further argued that such a scenario would merely reinforce the very market dominance regulators aim to break up. He noted that Firefox's underlying Gecko engine is 'the only browser engine that is held not by Big Tech but by a nonprofit.' In contrast, the other leading engines — Google's Chromium and Apple's WebKit — are operated by tech giants.
Mozilla originally created Gecko, he said, out of concern that Microsoft might monopolise internet protocols, and its development has played a crucial role in keeping the web open and interoperable. While cross-questioning, Judge Amit Mehta asked Muhlheim whether he agreed that Mozilla would benefit if there were at least one other company capable of matching Google's search quality and monetisation abilities. 'If we were suddenly in that world,' Muhlheim responded, 'that would be a world that would be better for Mozilla.' Even though many companies, like Yahoo, involved in the Google trial have expressed interest in acquiring Chrome, Firefox has not. Instead, Mozilla is sounding the alarm over the unintended consequences of a crackdown that, while targeting one monopoly, could end up stifling one of the last remaining independent players in the browser space.


Forbes
31-03-2025
- Forbes
iOS 18.4—Update Now Warning Issued To All iPhone Users
Apple has issued iOS 18.4, along with a number of cool new iPhone features. But the iOS 18.4 update also comes with a warning to update now, because it fixes a hefty list of 62 security vulnerabilities, some of which are serious. Apple doesn't give much detail about what's fixed in iOS 18.4, to give people as much time to update their iPhones as possible before attackers can get hold of the details. But the iOS 18.4 upgrade patches several critical bugs in WebKit, the engine that underpins the Safari browser — and the Kernel at the heart of the iPhone operating system. Apple's iOS 18.4 patches an issue in the iPhone Kernel, tracked as CVE-2025-30432, that could see a malicious app able to attempt passcode entries on a locked device and cause escalating time delays after four failures. Tracked as CVE-2025-24208, a bug in WebKit could put you at risk from a cross-site scripting attack — where an attacker injects malicious scripts into a trusted website — if you inadvertently load a malicious iframe, Apple warns on its support page. The iOS 18.4 patches come less than a month after Apple's emergency iPhone update 18.3.2, which fixed a flaw already being used in real-life attacks. Apple does not mention that any of the vulnerabilities squashed in iOS 18.4 have been exploited in real-life scenarios yet. However, now the details are out there, it becomes more urgent to apply the update now. Alongside iOS 18.4, Apple has issued iPadOS 17.7.6 for older devices: the iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation. The update fixes a number of flaws, the most notable being an issue in CoreMedia that could allow a malicious application to elevate privileges, tracked as CVE-2025-24085. 'Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,' the iPhone maker warns.
Meanwhile, iOS 16.7.11 for the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation fixes two issues used in real-life attacks. Lastly, Apple has squashed the same bugs for very old devices: the iPhone 6, iPhone 7, iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) in iOS 15.8.4. Apple's iOS 18.4 fixes more than 60 issues — one of the biggest lists of patches I've seen from the iPhone maker in recent times. Adding to the urgency, iOS 18.4 and the other upgrades issued alongside it include important security updates for your iPhone — some of which have been used in real-life attacks. 'These vulnerabilities could potentially allow malicious code to run on affected devices, putting data at risk as well as the device itself at risk of a remote denial of service attack,' says Jake Moore, global cybersecurity advisor at ESET. He recommends all users install the iOS 18.4 update 'as soon as possible to ensure devices remain protected against these known threats.' I agree. Apple's iOS 18.4 includes a long list of patched flaws, so it's a good idea to apply it now. Go to your Settings > General > Software Update and download and install iOS 18.4 now to keep your iPhone safe.


Express Tribune
15-03-2025
- Express Tribune
Apple issues urgent security update to fix serious iPhone and iPad flaw
Apple has released an emergency security update for iPhones and iPads to address a newly discovered zero-day vulnerability, CVE-2025-24201, which could allow attackers to bypass security protections and access sensitive data. The flaw, located in WebKit—the browser engine that powers Safari, Mail, and the App Store—is an out-of-bounds write issue, enabling malicious web content to evade Apple's Web Content sandbox security feature. Apple confirmed that the vulnerability has already been exploited in targeted attacks, primarily against users running older iOS versions before 17.2. Experts warn that such attacks often involve state-sponsored hackers or sophisticated cybercriminal groups.
Who is affected?
The security flaw impacts a wide range of Apple devices, including:
- iPhones: iPhone XS and later models
- iPads: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad Mini (5th generation and later)
Apple has urged all affected users to update their devices immediately to protect against potential cyber threats. To mitigate the risk, Apple rolled out iOS 18.3.2 and iPadOS 18.3.2 on March 11, 2025, introducing improved security checks to prevent unauthorized access. The update serves as a supplemental patch to a previous fix implemented in iOS 17.2.
How to update your device
Users can install the update by following these steps:
1. Open Settings
2. Tap General
3. Select Software Update
4. Download and install the latest version
The device will restart once the update is complete.
Additional security measures
Experts recommend taking extra precautions to safeguard Apple devices against potential cyber threats, including:
- Enabling two-factor authentication (2FA) for Apple ID
- Using a strong alphanumeric passcode instead of a simple four-digit PIN
- Activating Face ID or Touch ID for enhanced security
- Reviewing app permissions regularly
- Avoiding unofficial app sources and downloading only from the Apple App Store
- Using Apple's App Privacy Report to monitor app behavior
- Keeping Find My iPhone enabled in case of theft or loss
- Using a password manager for better credential security
Zero-day vulnerabilities like CVE-2025-24201 pose a significant risk as they are exploited before developers release fixes. While Apple has not disclosed the full extent of the attacks, cybersecurity experts emphasize the importance of staying updated to prevent potential breaches. Apple has urged users to install the latest update immediately to ensure their devices remain protected.


Yahoo
14-03-2025
- Business
- Yahoo
UK watchdog: Apple and Google browser dominance is bad for consumers
The duopoly that Apple and Google hold over mobile phone browsers is causing consumers to lose out and is dampening innovation, regulators say. The UK's Competition and Markets Authority (CMA) said Apple is holding back competitors such as Mozilla and Firefox from offering new features because of restrictions built into its platform. Apple said it had 'concerns' with the report published by the watchdog. Apple runs the Safari browser, but also runs the operating system that competing browsers have to use if they want to work on iPhones. This forces others to use Apple's own underlying browser engine, called WebKit, partly to mitigate against cybersecurity issues. But it also limits the extent to which competing browsers can offer features which differentiate them from Apple's own Safari offering, which is hindering competition, the CMA said. The watchdog said Apple also allowed Safari to implement full-screen video almost four years before giving other browsers access to the functionality required to do so. Apple and Google dominate the mobile device market, with the CMA noting that the vast majority of devices come with Apple's iOS or Google's Android operating systems pre-installed. The firms' own app stores and browsers have either exclusive or leading positions on their platforms compared to third-party products and services. A spokesman for Apple said the company 'has concerns with this report and believes the remedies it discusses would undermine privacy, security and the overall user experience'. 'We face competition in every segment and jurisdiction where we operate, and our focus is always the trust of our users,' it said, flagging that consumers can choose from a variety of browsers on the App Store, and switch their default browser in the settings app. Apple said it would 'continue to engage constructively with the CMA to best address their concerns'. 
The CMA has been investigating the two companies' mobile browser offerings through an independent inquiry group. A revenue-sharing arrangement between the two is also further reducing financial incentives to compete, the watchdog added. Google pays Apple a significant share of the search advertising revenue earned from traffic on Safari and Chrome on its iOS.8 operating system, the CMA said. It comes after a digital markets competition regime took effect in the UK at the start of this year, giving the UK authorities new powers to issue 'conduct requirements' to tech firms that are granted strategic market status. Firms designated with the status can have conduct requirements imposed upon them which boost competition for UK businesses and choice for consumers. The CMA is separately examining whether the US giants should be given this status. If they are, they could be asked to open up access to functionality within operating systems or app stores to third-party apps. Margot Daly, chair of the CMA's independent inquiry group, said: 'Following our in-depth investigation, we have concluded that competition between different mobile browsers is not working well, and this is holding back innovation in the UK.'