Tech giant Apple has announced a “serious security vulnerability” in its iPhones, iPads and Macs, immediately recommending all users update their software to block potential hackers from intruding.
According to various reports, the company said it is “aware of a report that this issue may have been actively exploited”.
Security experts have advised users to urgently update affected devices – the iPhone 6S and later models, newer iPads, and Mac computers running macOS Monterey, reported Sky News. It also impacts some iPod models.
Muhammad Yahya Patel, Security Evangelist at Check Point said cybercriminals will be on the lookout “for any device that hasn’t updated the software in order to access personal information, inject malware or get access to corporate networks”.
In a security update on its support page, Apple said one of the flaws means a malicious application “may be able to execute arbitrary code with kernel privileges” – which website TechCrunch describes as meaning full access to the device.
It said that the other – a WebKit bug – could be exploited if a vulnerable device accessed or processed “maliciously crafted web content may lead to arbitrary code execution”.
The warning to users comes ahead of its traditional September launch of the latest iPhone – expected this year to be named the iPhone 14.
BBC cyber reporter Joe Tidy said: “Software updates are an everyday (and sometimes irritating) part of our modern tech lives, but this is one update not to ignore.
“The cyber security world is rightly concerned about the potential power hackers could wield if they target a device that is vulnerable to this attack.
“So it’s sensible to check the settings on your Apple gear and install the patch. Even better – turn on automatic updates.
“For the vast majority of users there is nothing to panic about as there is no suggestion that hackers have exploited the security loophole to launch mass attacks against the general public.
“It also has to be said that the outcry on social media about the security update is possibly overblown. Apple has released similar emergency security updates throughout the year – most recently in March – without much fanfare or panic.”
Muhammad Yahya Patel, Security Evangelist at Check Point said: “We urge everyone with an affected Apple device to update to the latest software as soon as possible. Cybercriminals will be on the lookout for any device that hasn’t updated the software in order to access personal information, inject malware or get access to corporate networks. Apple has stated this vulnerability may have been exploited against users already. The threat landscape is evolving rapidly, and mobile vulnerabilities and malware are a significant, and often overlooked, danger for both personal and enterprise security.
“Fortunately, there are solutions available, like Check Point Harmony Mobile or Mobile Threat Defense solution that uses real-time threat intelligence to actively guard against malicious malware downloads, zero-day phishing campaigns, OS protection and URL filtering to block access to known malicious websites from any browser. It also enforces conditional access, ensuring that if any device does become infected it will be unable to access corporate applications and data. Harmony Mobile achieves all of this – and more – without disrupting employees or hampering their productivity or user experience.”