Hackers could take over numerous Apple devices via a vulnerability in the operating systems. Apparently, the gaps have already been exploited. The Group provides a number of updates.
The technology group Apple warns of security gaps and calls for updating the operating systems of iPhones, iPads and Mac computers. Hackers could use the vulnerability to take control of the devices and access data, Apple said. Accordingly, the vulnerability could already have been actively exploited. The company did not provide any further details.
iPhones from the 6th generation and all iPads Pro, iPad Air 2 and higher, the iPad from the 5th generation, iPad mini from the 4th generation and the iPod touch from the 7th generation are affected, it said. The current operating system versions are iOS 15.6.1 for the iPhone and iPadOS 15.6.1 for the tablets and macOS Monterey 12.5.1 for Apple’s computers – they are available for download.
Apple advises users to update the operating systems of affected iPhones and iPads. Prepared websites could use the gap to run any software code, Apple explained. “Put simply, a cybercriminal could place malware on your device just by looking at an otherwise harmless website,” IT security firm Sophos warned.
This vulnerability posed an even greater threat to iPhones and iPads than Mac computers: all browsers on the mobile devices run with WebKit and not just the in-house program Safari. The second vulnerability was in the so-called kernel, the central part of the operating system. An attacker who has already gained access to the device could use it to access all sorts of data, Sophos emphasized.
Such security gaps are considered very valuable and are usually exploited in a targeted manner by secret services and developers of surveillance software. The Pegasus software from the Israeli spy software company NSO, which also exploited vulnerabilities on Apple devices, became well known.
Apple referred to information from an anonymous researcher about the security gaps that have now been patched. Like other companies, the iPhone group awards rewards for information about discovered vulnerabilities. In recent years, Apple has repeatedly disclosed security vulnerabilities when releasing updates. With the software updates, users have to become active themselves in order to install them.