Apple Patches Serious Security Flaws With iOS Update

Apple has warned about serious security flaws which hackers may have "actively exploited" and has released an urgent security update for its iPhone, iPad and Mac devices.

Users of these devices are advised to immediately install the software updates that include security patches to fix two zero-day vulnerabilities. 

The patches fix vulnerabilities that allow attackers to execute arbitrary code and take over devices. The flaws lie in the kernel and in WebKit.

The update has been made available to iPhone 6s and later, iPad Pro, iPad Air 2 and later, and iPad 5th generation and later. It is also available to the iPad mini 4 and later versions and the iPod touch (7th generation). Mac users running macOS Monterey are also being encouraged to update.

“For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available. This document lists recent releases,” an Apple advisory notice said.

Software updates are an everyday aspect of our modern tech lives, but this is one update that should not be ignored.

  • One of the software weaknesses affects the kernel, the deepest layer of the operating system that all the devices have in common.
  • The other affects WebKit, the underlying technology of the Safari web browser, and Apple said this could be used by hackers if the user accessed "maliciously-crafted web content".

There have been no confirmed reports of specific cases where the security flaw has been used against people or devices, although there is suspicion that Apple is acting in response to widely reported use of spyware developed by Israel's NSO Group.

For each of the bugs, the company said it was “aware of a report that this issue may have been actively exploited,” though it provided no further details beyond crediting an anonymous researcher for disclosing both software flaws.

Previous research has shown that even commercial spyware companies such as Israel's NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets' smartphones, siphons their contents and spies on targeted users in real time.

Users should rightly be concerned about the potential power hackers could wield if they target a device that is vulnerable to this attack. While those most vulnerable to these problems are high-profile targets like politicians and celebrities, everyone should update their iOS devices as soon as possible.
