Apple Patches Serious Security Flaws With iOS Update

Apple has warned about serious security flaws which hackers may have "actively exploited" and has released an urgent security update for its iPhone, iPad and Mac devices.

Users of these devices are advised to immediately install the software updates that include security patches to fix two zero-day vulnerabilities. 

The patches fix vulnerabilities that allow attackers to execute arbitrary code and take over devices. The flaws lie in the kernel and WebKit functions. 

The update has been made available to iPhone 6s and later, iPad Pro, iPad Air 2 and later and iPad 5th generation and later. It is also available to the iPad mini 4 and later versions and the iPod touch (7th generation). Mac users running macOS Monterey are also being encouraged to update. “For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available. This document lists recent releases,” an Apple advisory notice said.

Software updates are an everyday aspect of our modern tech lives, but this is one update that should not be ignored.

  • One of the software weaknesses affects the kernel, the deepest layer of the operating system that all the devices have in common.
  • The other affects WebKit, the underlying technology of the Safari web browser and Apple said this could be used by hackers if the user accessed "maliciously-crafted web content". 

There have been no confirmed reports of specific cases where the security flaw has been used against people or devices, although there is suspicion that Apple is acting in response to widely reported use of spyware developed by Israel's NSOGroup.

For each of the bugs, the company said it was “aware of a report that this issue may have been actively exploited,” though it provided no further details although crediting an anonymous researcher for disclosing both software flaws.

Previous research has shown that even commercial spyware companies such as Israel's NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets' smartphones, siphons their contents and spies target users in real time. 

Users should rightly be concerned about the potential power hackers could wield if they target a device that is vulnerable to this attack. While the most vulnerable to these problems are high profile targets like politicians and celebrities, everyone should update their iOS devices as soon as possible.

Apple:     Apple:      Macrumors:    Oodaloop:   Tomsguide:      CBS:   BBC:    Guardian:    Yahoo

You Might Also Read:

Spyware - Apple Starts Legal Action Against NSO Group:

 

« Blacklisted Israeli Spyware Firm CEO Quits
Digital Banking & Cyber Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Stott & May

Stott & May

Stott & May is a specialist cyber security recruitment agency.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

Swiss Accreditation Service (SAS)

Swiss Accreditation Service (SAS)

SAS is the national accreditation body for Switzerland. The directory of members provides details of organisations offering certification services for ISO 27001.

PQShield

PQShield

PQShield are specialists in Post-Quantum Cryptography. We provide quantum-secure cryptographic solutions for software, software/hardware co-design and data in transit.

Maven Security Consulting

Maven Security Consulting

Maven Security Consulting helps companies secure their information assets and digital infrastructure by providing a wide range of customized consulting and training services.

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

Immuta

Immuta

Immuta empowers data engineering and operations teams to automate data governance, security, access control & privacy protection.

Pelta Cyber Security

Pelta Cyber Security

Pelta Cyber Security is the cyber security consulting and solutions division of Softworld Inc. We provide staffing and recruitment services as well as consulting and solutions for outsourced projects.

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Financial Services Information Sharing and Analysis Center (FS-ISAC)

The Financial Services Information Sharing and Analysis Center is the only global cyber intelligence sharing community solely focused on financial services.

C3.ai Digital Transformation Institute

C3.ai Digital Transformation Institute

The C3.ai Digital Transformation Institute is a research consortium dedicated to accelerating the benefits of artificial intelligence for business, government, and society.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

Schellman

Schellman

Schellman is a leading provider of attestation and compliance services.

Fortress SRM

Fortress SRM

Fortress SRM protects companies from the financial, operational, and emotional trauma of cybercrime by improving the security performance of its people, processes, and technology.

TriVigil

TriVigil

TriVigil offer a full-service, comprehensive cybersecurity approach specifically tailored to meet the unique needs of educational institutions.