On Friday, Apple urged its hundreds of millions of customers, from those owning iPhones to iPads to Mac computers, to update their devices because of a security flaw.
Apple wrote on its support page that the flaw permits a malicious application to “be able to execute arbitrary code with Kernel privileges,” which could mean full access for someone to the Apple user’s device.
“It’s very rare for them to go public like this, which means everyone should take this threat seriously and update as soon as they are able,” Brian Higgins, security specialist at Comparitech, asserted, according to The Scotsman. “If Apple think it’s so serious that they need to go public, then if you haven’t already installed iOS 15.6.1 you need to go and do it right now.”
The capacity to have full access is “a dream for somebody who is trying to get into your phone for surveillance,” stated Joe Tidy, cyber reporter for BBC News, The Daily Mail reported. He added that it was “a very clever vulnerability that hackers have potentially discovered. … On paper this is a very serious situation for millions, billions of Apple users out there who have got this potential vulnerability.”
Tidy said that a “white hat hacker,” meaning an ethical hacker, had discovered the flaw.
Andy Norton, chief cyber risk officer at Armis, told The Daily Mail: “This clearly has wide-reaching implications. Apple products have become a mainstay of everyday life, facial recognition, banking apps, health data. Pretty much everything we hold dear resides on our Apple products. Historically, many people have not updated their Apple products for fear of shortening the lifespan of their devices. That behaviour now must change.”
Sam Curry, chief security officer at Cybereason, cautioned, “Regardless of Apple’s recent disclosure of a serious vulnerability affecting millions of iPhones, iPads and Macs, it wouldn’t be prudent for anyone to panic. … While the vulnerability could allow threat actors to take full control of a device, stay calm and simply get control of your devices and download the software updates available from Apple. Do that and move on. In a rare case, we will find out how threat actors were able to exploit the current vulnerabilities.”
“Apple has released security updates to address vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari,” the U.S. Government’s Cybersecurity and Infrastructure Security Agency wrote. “An attacker could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible.”
Devices affected by the security flaw include, iPhone (6S and later), iPad Pro, iPad Air (2 and later), iPad (5th generation and later), iPad Mini (4 and later), iPod Touch (7th generation) and Mac computers (on MacOS Monterey, 12.5.1)