Apple’s security flaws could provide hackers full admin access to your Apple devices. Therefore, experts advise users to update their devices.
Tech giant Apple reveals security malfunctions in its devices, including Macs, iPhones, and iPads. The vulnerabilities could allow hackers to take control of your Apple devices. Therefore a quick update is advisable to avoid possible harm from these issues.
While releasing its security updates on its website, the company specified that potential hackers could exploit its security vulnerabilities. It mentioned, “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. “An out-of-bounds write issue was addressed with improved bounds checking.”
The tech company said it was “aware of a report that this issue may have been actively exploited” but did not reveal how many users had been affected by it.
As per Apple, the bugs exist within WebKit, Apple’s browser engine powering Safari and other applications. The device can exploit one bug if it has processed or accessed “maliciously crafted web content (that) may lead to arbitrary code execution.”
Apple’s support page described the second bug as malicious actors “may be able to execute arbitrary code with kernel privileges,” which readily grants complete access to the Apple device.
The Possible Risks
In the past, the nation-state spyware exploited this type of bug by entering the device’s web browser, gaining complete control of its operating system, and accessing its sensitive data.
Experts have urged Apple users to run a software update to iOS 15.6.1 and iPadOS 15.6.1, and macOS Monterey 12.5.1.
The update listed the following devices affected by the security flaw:
- iPad Air 2 and later,
- iPad 5th generation and later,
- iPad Pro (all models),
- iPad mini 4 and later, and
- iPhone 6 and later
- iPod touch (7th generation)
Apple cited an anonymous researcher as the discoverer of the flaws and refused to mention other details about it. However, the chief executive of SocialProof Security, Rachel Tobac, said in a tweet that the issue could “effectively give attackers full access to [a] device.” She further wrote, “For most folks: update software by end of day if threat model is elevated (journalist, activist, targeted by nation states, etc.): update now.”
She tweeted that famous individuals working on public profiles are at higher risk of getting hacked. For example, journalists or activists are usually targets of nation-state spying.
The news is here when Apple is about to launch its new iPhone 14 on September 7. Apple, however, did not respond to Fortune’s comment request immediately.