By John Ikani
Apple on Wednesday announced that it has uncovered serious security vulnerabilities in its iPhones, iPads and Macs, and recommended all users update their software to block potential intrusion.
The software flaws could potentially allow attackers to take complete control of these devices, Apple said in two security reports.
The two vulnerabilities were found in WebKit, the browser engine that powers Safari and other apps, and the kernel, essentially the core of the operating system.
Apple said the WebKit bug could be exploited if a vulnerable device accessed or processed ‘maliciously crafted web content [that] may lead to arbitrary code execution’.
The second bug allows a malicious application ‘to execute arbitrary code with kernel privileges,’ which means full access to the device.
The two flaws are believed to be related.
Apple’s explanation of the vulnerability means a hacker could get “full admin access” to the device. That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security.
Security experts have advised users to update affected devices: the iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.
According to Tobac, those who should be particularly attentive to updating their software are “people who are in the public eye” such as activists or journalists who might be the targets of sophisticated nation-state spying.