The tech giant has issued a software update to fix two vulnerabilities, which may have been exploited to give hackers full control of devices.
Apple has disclosed two security flaws on its iPhone, iPad and Mac devices that could allow attackers to have full control of these devices.
The tech giant has issued new software updates to address the vulnerabilities. Apple said it is aware of a report that these security issues “may have been actively exploited”, but it did not disclose how many users have been affected.
The two vulnerabilities affect iOS, iPadOS and macOS Monterey systems. In a security report, Apple attributed the discovery of these security flaws to an independent researcher.
The first flaw is an out-of-bounds write vulnerability in the operating system’s Kernel. This essentially functions as the core component of an operating system and has the highest privileges in these systems.
An application is able to exploit this vulnerability to execute code with Kernel privileges, giving hackers the ability to execute any commands and effectively take control of the device.
The second vulnerability was discovered in WebKit, the web browser engine used by Safari and other apps that can access the web. This flaw allows hackers to run “arbitrary code execution” on devices that access malicious websites.
A hacker can use arbitrary code execution to try achieve administrator control of the device, according to Okta.
These types of vulnerabilities have been exploited by malicious actors in the past, notably with the use of Pegasus spyware.
Last September, Apple issued an urgent update to address a security flaw that could be exploited to infect iOS devices with the Pegasus spyware.
The security update has been issued for iPhone 6S and later models, the iPad air 2, fifth generation and later, some iPod touch models, all iPad Pro models and Macs running MacOS Monterey.
Cybersecurity experts told the Guardian that those who should prioritise updating their software are people “in the public eye” such as activists or journalists who might be the targets of sophisticated spyware.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.
Source by www.siliconrepublic.com
