Apple device users are being urged to update to the latest versions of iOS and OS X to stay protected from a new zero-day vulnerability that is affecting all previous versions of the software.
The flaw affects Apple’s latest protection feature, the System Integrity Protection (SIP), allowing hackers to bypass it and leave devices at risk of cyber-attacks that could steal their data, according to researcher Pedro Vilaça from security firm SentinelOne.
Only the OS X version 10.11.4 and iOS 9.3, both of which were released on earlier this week at Apple’s launch event are not vulnerable, meaning that the vast majority of Apple devices are currently at risk.
“This kind of exploit could typically be used in highly targeted or state sponsored attacks,” the company said.
However it’s not yet known if patches for any earlier iOS or OS X versions are planned, with Apple yet to comment officially on the news.
The vulnerability, which is commonly enabled via a phishing attack or browser exploit, allows attackers to escalate their privileges to bypass System Integrity Protection on mobile and laptop devices.
It is able to evade previous software defences thanks to its use of very reliable and stable techniques that traditional detection mechanisms, looking for more obvious warning signs, would miss.
SIP, which Apple says goes further than any of its previous security protection services, is also designed to prevent potentially malicious software from modifying protected files and folders, thus protecting the system from anyone who has root access, authorised or not.
Alongside SIP, Apple also announced a number of other security upgrades for its software this week, including a fix for a high-impact vulnerability in Apple’s Messages app which could have allowed an attacker to read protected messages.
Are you a security pro? Try our quiz!
Beijing orders Apple to pull Meta's WhatsApp and Threads from its Chinese App Store over…
Key milestone sees Intel Foundry assemble ASML's new “High NA EUV” lithography tool, to begin…
Oracle's huge AI, Cloud investment in Japan will meet growing local demand and address digital…
People who create sexually explicit ‘deepfakes’ of adults will face prosecution under a new law…
Protest at cloud contract with Israel results in staff firings, in addition to layoffs of…
Microsoft warns of Russian influence campaigns have begun targetting upcoming US election, albeit at a…