Apple has admitted that a large number of its devices have a serious security vulnerability that could allow hackers to take over the devices.
Smartphone users are at risk after the company published two security reports about the flaws but refused to give the specifics about how people would be affected.
Apple has also reportedly stated it was “aware of a report that this issue may have been actively exploited”.
The two vulnerabilities were found in WebKit, the browser engine that powers Safari and other apps, and in the kernel, which is essentially the core of the operating system.
The issue was discovered by a researcher who reported it but chose to remain anonymous. But in light of the shock revelation, what can Brits do and what devices does it affect?
What should you do?
Apple released a surprise software update in response to the security issues.
Brits who own an Apple product should download these updates, as they will help deal with the issues and give their devices better protection.
To install the software, users should head into the Settings App, go to General, then Software Updates.
Similarly, you can just search updates in the settings search bar.
What devices are affected?
The flaws affect iOS, iPadOS and macOS Monterey, meaning Apple’s most popular devices – iPhones, iPads and Macs – are all impacted.
Models from the iPhone 6S onwards as well as newer versions of the iPads and Macs that run macOS Monterey are believed to be affected.
What has Apple said?
Apple has reportedly said it was aware of reports the security issue had been actively exploited.
On its website it says: “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
“Apple security documents reference vulnerabilities by CVE-ID when possible. For more information about security, see the Apple Product Security page.”
Referring specifically to the security flaws regarding macOS Monterey 12.5.1 it states: “Kernel. Available for: macOS Monterey. Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher.
“WebKit. Available for: macOS Monterey. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 243557. CVE-2022-32893: an anonymous researcher.”
How does the attack work?
According to Apple, the vulnerability could have been exploited by “processing web content” – in other words, by a user accessing a website that contains malicious code.
If hackers exploited the vulnerability, it would allow them to execute code with kernel privileges.
The kernel is a key part of iOS and has unrestricted access to all parts of the operating system.
This means any attacker could reportedly have complete control over your device.
Rachel Tobac, CEO of SocialProof Security, said that Apple’s description of the security vulnerabilities means a hacker could get “full admin access to the device” and “execute any code as if they are you, the user”.