Apple Patches Serious Security Flaws With iOS Update

Apple has warned about serious security flaws which hackers may have "actively exploited" and has released an urgent security update for its iPhone, iPad and Mac devices.

Users of these devices are advised to immediately install the software updates that include security patches to fix two zero-day vulnerabilities. 

The patches fix vulnerabilities that allow attackers to execute arbitrary code and take over devices. The flaws lie in the kernel and WebKit functions. 

The update has been made available to iPhone 6s and later, iPad Pro, iPad Air 2 and later, and iPad 5th generation and later. It is also available to the iPad mini 4 and later versions and the iPod touch (7th generation). Mac users running macOS Monterey are also being encouraged to update.

“For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available. This document lists recent releases,” an Apple advisory notice said.

Software updates are an everyday aspect of our modern tech lives, but this is one update that should not be ignored.

  • One of the software weaknesses affects the kernel, the deepest layer of the operating system that all the devices have in common.
  • The other affects WebKit, the underlying technology of the Safari web browser, and Apple said this could be used by hackers if the user accessed "maliciously-crafted web content".

There have been no confirmed reports of specific cases where the security flaw has been used against people or devices, although there is suspicion that Apple is acting in response to widely reported use of spyware developed by Israel's NSO Group.

For each of the bugs, the company said it was “aware of a report that this issue may have been actively exploited.” It provided no further details, although it credited an anonymous researcher for disclosing both software flaws.

Previous research has shown that even commercial spyware companies such as Israel's NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets' smartphones, siphons their contents and spies on target users in real time.

Users should rightly be concerned about the potential power hackers could wield if they target a device that is vulnerable to this attack. While those most vulnerable to these problems are high-profile targets like politicians and celebrities, everyone should update their iOS devices as soon as possible.
