GoFetch security exploit

In order to bring the exploit to a target system, this device must first be compromised. The usual protective measures recommended for all types of malware should therefore be taken (keep the system and programs up-to-date, use robust passwords, use 2FA wherever possible, be careful online, do not leave the device unattended, create backups, (use a endpoint security software), use a separate admin account and a standard user account for work on your machine, disable app installation outside the app store (or reactivate it afterwards) etc.). That way an attacker will at least have some work to do before the exploit lands on your machine.

I hope Apple will provide more information here soon.

Antidot, your answer is wrong. It is speculated that code running within the browser from a website can potentially extract keys. So all you need to do is visit a website with an exploit code. That could be a website that you visit regularly with an ad that has said code.

Hi Julius

I agree, but even with a drive-by infection, the code still has to be executed on the device, either by the user himself or through a vulnerability in the system (escalation of privileges). It can become really dangerous if a zero-day is used or the system has not been updated.