A security vulnerability in Apple's iOS and macOS operating systems, identified as CVE-2022-32946, might have allowed programs with Bluetooth access to listen in on Siri conversations, The Hacker News reports.
According to Guilherme Rambo, an app developer credited with discovering CVE-2022-32946, the now-patched security flaw relates to the DoAP service that's built into AirPods for Siri and Dictation support. A malicious actor could create an app that connects to the AirPods through Bluetooth and captures audio in the background. Although the attack needs the app to have access to Bluetooth, this restriction is easily circumvented because users who grant an app Bluetooth access are unlikely to anticipate that it may also give the app access to their Siri conversations and dictation audio.
Apple's iOS 16.1 update included fixes for 20 flaws in total, including the CVE-2022-42827 kernel vulnerability, which Apple stated is currently being exploited.