Apple Security Flaw Being Actively Exploited

Tom Jowitt,
Linkedin
Image credit: Apple

Update now. Vulnerability impacts a number of Apple iPhone, iPad and Mac models, and the flaw has been actively exploited

Apple users are being warned to immediately update their iPhones, iPads and Macs, due to a couple of security vulnerabilities that can allow hackers to seize control of their devices.

And to make matters worse, Apple on a security update website said it is “aware of a report that this issue may have been actively exploited.” It credited an unnamed research for disclosing both flaws to it.

The good news is that the firm has released a security update that closes the vulnerabilities for the affected models.

The State of Quantum Security

Security flaw

Apple users are advised to download and install the latest version of iOS and iPadOS (15.6.1), and update their macOS as well to 12.5.1.

“For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,” the firm stated.

The vulnerabilities that have now been patched concern the Kernel, and WebKit (part of the Safari web browser).

So what models are impacted?

Well it seems that iPhones dating back to the 6S model, iPad 5th generation and later, iPad Air 2 and later, iPad mini 4 and later, all iPad Pro models and the 7th generation iPod touch are impacted.

The vulnerabilities are so serious they give hackers the ability to take control of a device’s operating system to “execute arbitrary code” and potentially infiltrate devices through “maliciously crafted web content.”

The vulnerability also extends to Mac computers running the company’s Monterey OS as well as Apple’s Safari browser on its Big Sur and Catalina operating systems, Apple has noted.

Users are advised to go to their settings menu and select ‘software update’ or ‘about this mac’, to see what version of OS they are running.

CISA – ‘update now’

The patch from Apple has led the US cyber security government agency to warn people to update now.

“Apple has released security updates to address vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari,” said CISA. “An attacker could exploit one of these vulnerabilities to take control of an affected device.

“CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible,” it added.