Apple this week warned users of serious security vulnerabilities affecting iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices.
Security experts have advised users to update affected devices: the iPhone 6S and later models; multiple models of iPad, including 5th generation and later, all iPad Pro models, and the iPad Air 2; and Mac computers running macOS Monterey. The bug also affects some iPod models.
Without the latest update, a hacker could take complete control of Apple devices. That would allow intruders to pose as the device’s owner and then run any software on their behalf, said Rachel Tobac, CEO of SocialProof Security.
The good news? There is a simple solution: just update your Apple phone, computer or tablet.
WHY IS UPDATING YOUR APPLE DEVICE SO URGENT?
Updates can be time-consuming and sluggish. However, they are necessary to protect your device from hackers who could run malicious code on it.
WHY WON’T MY APPLE DEVICE DO THIS FOR ME?
Apple devices are set to update automatically by default, but it can be faster to check for the latest updates and do it manually.
WHICH APPLE DEVICES ARE AFFECTED?
Affected devices include the iPhone 6S and newer models; multiple models of iPad, including 5th generation and later, all iPad Pro models, and the iPad Air 2; and Mac computers running macOS Monterey. The bug also affects some iPod models.
HOW DO I UPDATE MY DEVICE?
To update your Apple device to the latest operating system, which includes the security patches: on your phone, go to Settings, click General, and then click Software Update. On Mac, go to System Preferences, then Software Update.
HOW HIGH IS THE RISK THAT MY PHONE WAS COMPROMISED BEFORE I INSTALLED THE UPDATE?
Unless you are a journalist, political dissident or human rights activist, the chances are extremely slim. The types of spyware designed to exploit vulnerabilities like the ones Apple patched are expensive and used for targeted hacking.
Apple did not say in the reports how, where, or by whom the vulnerabilities were discovered. In all cases, an anonymous researcher was cited.
Commercial spyware companies such as Israel’s NSO Group are known to identify such vulnerabilities and exploit them in malware that stealthily infects targets’ smartphones, siphons their content and monitors the targets in real time.
NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used against journalists, dissidents and human rights activists in Europe, the Middle East, Africa and Latin America.
Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple just patched. The company has previously acknowledged similarly serious flaws and, on what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such vulnerabilities were being exploited.