Apple warned of serious security vulnerabilities for iPhones, iPads, and Macs that could potentially allow attackers to take complete control of these devices.
On Wednesday, the tech giant released surprise software updates for iPhones, iPads, and Macs that fix two critical security flaws known by Apple to be “actively exploited” by attackers.
In an accompanying security report, Apple confirmed that the two vulnerabilities were found in WebKit, the browser engine that powers Safari and other apps, and the kernel, essentially the core of the operating system.
Apple says the WebKit bug could be exploited if a vulnerable device accessed or processed “maliciously crafted web content,” which “may lead to arbitrary code execution.”
The second bug allowed a malicious application “to execute arbitrary code with kernel privileges,” which means full access to the device.
The two flaws are believed to be related, and affect iOS, iPadOS and macOS Monterey.
Users have been advised to immediately update affected devices with the new iOS 15.6.1 software. Affected devices include the iPhone 6S and later models; several models of the iPad, including the fifth generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey. It also affects some iPod models.
Apple found two 0-days actively in use that could effectively give attackers full access to device.
For most folks: update software by end of day
If threat model is elevated (journalist, activist, targeted by nation states, etc): update now https://t.co/BUEn08260X
— Rachel Tobac (@RachelTobac) August 18, 2022
The update, iOS 15.6.1, also applies to the iPod Touch 7th generation. In addition, Mac computers on macOS Monterey are affected, with users urged to download ‘12.5.1’.
The issues were found by an anonymous researcher in ‘WebKit’, the browser engine that powers Safari; and ‘Kernel’, which is the core of the operating system.
There have so far been no confirmed reports of specific cases where the security flaw has been used against people or devices, and Apple has made no official statement on the issue beyond an update on its website.
The update can be obtained by going to the “Settings” section of a device, and choosing the “Software Update” option. The iOS update is not required for older operating systems such as macOS Catalina and Big Sur.
The security warning to Apple users comes ahead of its traditional September launch of the latest iPhone – expected this year to be named the iPhone 14.