Apple Security Flaw Being Actively Exploited

Apple users are being warned to immediately update their iPhones, iPads and Macs, due to a couple of security vulnerabilities that can allow hackers to seize control of their devices.

And to make matters worse, Apple on a security update website said it is “aware of a report that this issue may have been actively exploited.” It credited an unnamed research for disclosing both flaws to it.

The good news is that the firm has released a security update that closes the vulnerabilities for the affected models.

Security flaw

Apple users are advised to download and install the latest version of iOS and iPadOS (15.6.1), and update their macOS as well to 12.5.1.

“For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,” the firm stated.

The vulnerabilities that have now been patched concern the Kernel, and WebKit (part of the Safari web browser).

So what models are impacted?

Well it seems that iPhones dating back to the 6S model, iPad 5th generation and later, iPad Air 2 and later, iPad mini 4 and later, all iPad Pro models and the 7th generation iPod touch are impacted.

The vulnerabilities are so serious they give hackers the ability to take control of a device’s operating system to “execute arbitrary code” and potentially infiltrate devices through “maliciously crafted web content.”

The vulnerability also extends to Mac computers running the company’s Monterey OS as well as Apple’s Safari browser on its Big Sur and Catalina operating systems, Apple has noted.

Users are advised to go to their settings menu and select ‘software update’ or ‘about this mac’, to see what version of OS they are running.

CISA – ‘update now’

The patch from Apple has led the US cyber security government agency to warn people to update now.

“Apple has released security updates to address vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari,” said CISA. “An attacker could exploit one of these vulnerabilities to take control of an affected device.

“CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible,” it added.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

OpenAI, Broadcom In Talks Over Development Of AI Chip – Report

Rebelling against Nividia? OpenAI is again reportedly exploring the possibility of developing its own AI…

2 days ago

Microsoft Outage Impacts Airlines, Media, Banks & Businesses Globally

IT outage causes major disruptions around the world, after Crowdstrike update allegedly triggers Microsoft outages

2 days ago

GenAI Integration Efforts Hampered By Costs, SnapLogic Finds

Hefty investment. SnapLogic research finds UK businesses are setting aside three-quarters of their IT budgets…

3 days ago

Meta Refuses EU Release Of Multimodal Llama AI Model

Mark Zuckerberg firm says European regulatory environment too ‘unpredictable’, so will not release multimodal Llama…

3 days ago

Synchron Announces Brain Interface Chat Powered by OpenAI

Brain implant firm Synchron offers AI-driven emotion and language predictions for users, powered by OpenAI's…

3 days ago