Apple this week warned users of serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take full control of these devices.
Security experts have advised users to update the affected devices – iPhone6S and later models; multiple iPad models, including 5th generation and later, all iPad Pro models, and iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.
Without the latest update, a hacker could take full control of Apple devices. This would allow intruders to impersonate the owner of the device and then run any software on their behalf, said Rachel Tobac, CEO of SocialProof Security.
The good news? There is a simple solution: just update your Apple phone, computer or tablet.
WHY IS UPDATING YOUR APPLE DEVICE SO URGENT?
Updates can take time and be slow. But they are necessary to protect your device from hackers who might run malicious code on your device.
WHY WON’T MY APPLE DEVICE DO THIS FOR ME?
Apple devices are set up for automatic updates by default, but it may be quicker to check for the latest updates and do it manually.
WHICH APPLE DEVICES ARE AFFECTED?
Affected devices include iPhone6S and later; multiple iPad models, including 5th generation and later, all iPad Pro models, and iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.
HOW DO I UPDATE MY DEVICE?
To update your Apple device to the latest operating system that includes security patches on your phone, go to “Settings”, click “General” and click “Software Update”. On the Mac, go to “System Preferences”, then “Software Update”.
WHAT IS THE RISK THAT MY PHONE WAS COMPROMISED BEFORE I INSTALLED THE UPDATE?
Unless you are a journalist, political dissident or human rights activist, the odds are extremely low. Types of spyware created to exploit vulnerabilities of the type patched by Apple are expensive and used in targeted hacking.
Apple did not specify in the reports how, where and by whom the vulnerabilities were discovered. In any case, he quoted an anonymous researcher.
Commercial spyware companies such as Israel’s NSO Group are known to identify and exploit these flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their content, and monitors targets in real time.
NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.
Security researcher Will Strafach said he hasn’t seen any technical scans of the vulnerabilities Apple just patched. The company has previously acknowledged equally serious flaws and, on what Strafach estimated to be perhaps a dozen occasions, noted that it was aware of reports that such security flaws had been exploited.