Apple recommends update due to security vulnerabilities in iPad and iPhone

An anonymous researcher has pointed out dangerous vulnerabilities in software. An update is highly recommended for Apple device owners, especially iPhone and iPad.

Visiting harmless websites can be enough to leave an iPad vulnerable to cybercriminals.

Dominic Steinmann / NZZ

(dpa) With a series of software updates for its devices, Apple has closed two security vulnerabilities that may have already been exploited. One of the vulnerabilities was in Apple’s Webkit software, which is used to display content in web browsers.

Websites prepared by scammers could use the vulnerability to run arbitrary software code, Apple explained. “Put simply, a cybercriminal could place malware on your device just by looking at an otherwise harmless website,” warned IT security firm Sophos on Thursday.

iPads and iPhones are particularly threatened

iPhones and iPads were even more vulnerable to this vulnerability than Mac computers. Because on the mobile devices, all browsers – and not just the in-house program Safari – run with Webkit. The second vulnerability was in the so-called kernel, the central part of the operating system. An attacker who has already gained access to the device could use it to access all sorts of data, Sophos explained.

Such vulnerabilities aren’t just useful for criminals. They are also used by secret services and developers of surveillance software to eavesdrop on people. The Pegasus software from the Israeli spy software company NSO became particularly well-known.

Gap finder reward

Apple referred to information from an anonymous researcher about the security gaps that have now been patched. There is also Hints that the loopholes may already have been exploited. The group, like other companies, awards rewards for information about such vulnerabilities.

Apple devices regularly prompt users for updates. In order to protect yourself now, you have to take action yourself. You can install the latest version of the operating system in the device settings under the “Software update” field.

source site-111