iPhone, iPad, Mac and Safari users are being advised to apply the latest updates to fix security holes that could be used to gain control of a device. On Wednesday and Thursday, Apple pushed out operating system updates to the affected devices to patch the vulnerabilities.
Describing the flaws in its security updates, Apple said that an “application may be able to execute arbitrary code with kernel privileges” and that “processing maliciously crafted web content may lead to arbitrary code execution.” The company also said it was aware of a report that these vulnerabilities may have been actively exploited.
In its own advisory, the Cybersecurity & Infrastructure Security Agency (CISA) urged users to update their devices, warning that “an attacker could exploit one of these vulnerabilities to take control of an affected device.”
SEE: Mobile device security policy (TechRepublic Premium)
For iOS/iPadOS users, the flaws affect the following models: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch (7th generation). To patch the vulnerabilities, users should update their OS to iOS/iPadOS 15.6.1.
How Apple users can update their devices
To update their devices, iPhone and iPad users should go to Settings and then General and then Software Update. You’ll be told that your OS is up to date or prompted to install the latest update. Mac users would click on the Apple icon in the upper left, select About this Mac, and then click the button for Software Update. You’ll be informed that your Mac is up to date or asked to download and install the latest update. And for Safari users running macOS Big Sur or macOS Catalina, updating the operating system to the latest version automatically updates Safari.
Vulnerabilities that would allow attackers to gain control of an affected device to remotely execute code may sound alarming. But they’re not unusual. Such flaws have impacted Windows, Android and other operating systems and programs. Even Apple, with its supposedly tighter security, isn’t immune.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
“Regardless of Apple’s recent disclosure of a serious vulnerability affecting millions of iPhones, iPads and Macs, it wouldn’t be prudent for anyone to panic,” said Sam Curry, chief security officer for security firm Cybereason. “While the vulnerability could allow threat actors to take full control of a device, stay calm and simply get control of your devices and download the software updates available from Apple. Do that and move on. In a rare case, we will find out how threat actors were able to exploit the current vulnerabilities.”
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays