Full access: Apple warns of security flaw for iPhones, iPads and Macs

Apple has fixed a series of serious security vulnerabilities affecting iPhones and iPads and Macs, which it said may have been actively in use to take complete control of victim’s devices.

Security experts have advised users to update affected devices — the iPhone 6S and later models; all iPads capable of running iPadOS 15; and Mac computers running MacOS Monterey. The fix for the exploits is included in the iOS 15.6.1, iPadOS 15.6.1 and macOS Monterey 12.5.1 updates issued overnight on Thursday.

Apple says it has fixed two vulnerabilities that allowed hackers to spy into iPhones and Macs.Credit:AP

One of the vulnerabilities affected Webkit, Apple’s browser engine that powers Safari and other apps, and allowed attackers to take control of devices by pointing users to certain web content. The other affected the kernel, which is the very core of Apple’s operating system, and could be leveraged by attackers using malicious apps.

Both software flaws could potentially allow attackers to take complete control of devices, Apple said in security reports for MacOS Monterey and iOS 15.

Apple said it is “aware of a report that this issue may have been actively exploited,” but that its policy is not to discuss or confirm security issues until it has rolled out a fix.

The disclosure comes little more than a month after Apple announced it was working on an “extreme” new form of security for its iPhones, which would protect users even if they were targeted by the most sophisticated nation states.

High-end spyware typically leverages vulnerabilities like those found in WebKit, or previously through flaws in iMessage, to gain access to phones without the victim’s knowledge. Finding and exploiting flaws that even Apple doesn’t know about requires intensive research, and can cost nations millions per attack.

Apple’s explanation of the latest vulnerabilities means a hacker could get “full admin access to the device” so that they can “execute any code as if they are you, the user,” said Rachel Tobac, CEO of SocialProof Security.

Those who should be particularly attentive to updating their software are “people who are in the public eye” such as activists or journalists who might be the targets of sophisticated nation-state spying, Tobac said.

AP, with staff reporters

Get news and reviews on technology, gadgets and gaming in our Technology newsletter every Friday. Sign up here.

Most Viewed in Technology

From our partners

Source: Read Full Article