Simple steps to protect yourself from the Apple security vulnerability
Apple has disclosed a serious security vulnerability in iPhones, iPads, and Macs that may allow attackers to gain complete control of a victim’s devices.
Apple had just published a security update to stop the exploit when the news broke. To apply this security update, go to the Settings app, then General, then Software Update. The updated versions are 15.6.1 for iOS and iPadOS and 12.5.1 for macOS.
How did the attack go?
According to Apple, the vulnerability could have been exploited by “processing web content”, meaning the victim accesses a web page that contains malicious code.
By directing a victim to such a web page, an attacker who knew about the vulnerability – and how to exploit it – would be able to run any code they wanted on the victim’s device.
Usually, devices restrict the types of code that can be run on them to users with certain privileges – but this vulnerability allowed the code to be run with kernel privilege.
The kernel is the core part of iOS. It has unrestricted access to all aspects of the operating system – meaning the attacker can have complete control over the victim’s device.
Which devices are affected?
The two vulnerabilities were found in WebKit, the browser engine that powers Safari, and the kernel, which is the core of the operating system.
Security experts have advised users to update affected devices, including the iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey.
The flaw also affects some iPod models.
Who used it to attack people?
Apple says it is aware of a report that the vulnerability may have been actively exploited.
However, the company did not provide further details.
Who found this problem?
The researcher who reported the vulnerability chose to remain anonymous.
There could be a number of reasons why they did this, including simply that they didn’t want the attention the report would have brought them.
It is also possible that the researcher works for a company or government organization that was the target of this vulnerability.
If so, revealing that they were aware of the attack, by attributing the disclosure to a name associated with the victim, would give the attacker feedback on their offensive operation.
Simple steps to protect yourself?
Cyber security experts have advised people to urgently update the devices affected.
To update your phone…
Go to Settings > General > Software Update.
To update your Mac…
Go to System Preferences > Software Update.
The update for iOS and iPadOS is version 15.6.1.
For macOS it is version 12.5.1.
For tvOS it is version 15.6.
For watchOS for Apple Watch Series 3, it is version 8.7.1.
For watchOS for Apple Watch Series 4, 5, SE, 6, and 7, it is version 8.7.
Apple says: ‘This update provides important security updates and is recommended for all users.’