article-single

Apple Security Flaw Threatens 'Everything We Hold Dear'

BILLIONS across globe scramble to update iPhones and Macs as tech giant reveals cyber crooks can take control of devices and access bank accounts, photos and more.

Billions of Apple users were today urged to update their devices after the firm disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of them.

The US company said it is ‘aware of a report that this issue may have been actively exploited’ and released two security reports about the issue on Wednesday, but they have only now received more widespread attention.

Security experts told users to update affected devices – the iPhone 6S and later models; and several models of the iPad, including the 5th generation and later, all iPad Pros, the iPad Mini 4 and later and the iPad Air 2 and later.

The update, iOS 15.6.1, also applies to the iPod Touch 7th generation. In addition, Mac computers on MacOS Monterey are affected – with users urged to download ‘12.5.1’. The issues were found by an anonymous researcher in ‘WebKit’, the browser engine that powers Safari; and ‘Kernel’, which is the core of the operating system.

There have so far been no confirmed reports of specific cases where the security flaw had been used against people or devices, and Apple has made no statement on the issue further to an update on its website.

In this note on its support page, Apple said one flaw means a malicious application ‘may be able to execute arbitrary code with Kernel privileges’ – which has been described as meaning full access to the device.

Andy Norton, chief cyber risk officer at Armis, told MailOnline: ‘This clearly has wide-reaching implications. Apple products have become a mainstay of everyday life, facial recognition, banking apps, health data. Pretty much everything we hold dear resides on our Apple products. Historically, many people have not updated their Apple products for fear of shortening the lifespan of their devices. That behaviour now must change.’

The update can be obtained by going to the ‘Settings’ section of a device, and choosing ‘Software Update’.

The iOS update is not required for older operating systems such as macOS Cataline and Big Sur. But Apple also released a separate update to Safari 15.6.1 for these two macOS systems, saying ‘processing maliciously crafted web content may lead to arbitrary code execution’ and it ‘may have been actively exploited’.

Joe Tidy, cyber reporter for BBC News, said the issue was ‘a dream for somebody who is trying to get into your phone for surveillance’ and it was ‘a very clever vulnerability that hackers have potentially discovered’.

He said that ‘on paper this is a very serious situation for millions, billions of Apple users out there who have got this potential vulnerability’ and people would ‘probably not’ even know whether their device had been hacked.

Read the Whole Article