Apple has released security updates for iPhones, iPads and Macs after disclosing a series of vulnerabilities that could allow attackers to secretly take control of the devices.
The company said it was “aware of a report that this issue may have been actively exploited,” suggesting that cybercriminals have already targeted the vulnerabilities to compromise users of Apple devices.
Apple has released two security updates, the first addressing issues affecting iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad Mini 4 and later – as well as models from 7th generation of iPod touch.
The second security update addresses vulnerabilities in MacOS Monterey, Apple’s desktop operating system for Macs.
Apple did not specify the number of victims
Either way, the vulnerabilities could allow cyber attackers to execute arbitrary code at the kernel and WebKit level, which ultimately allows attackers to execute malicious code on devices, to the point to be able to take control of it. This could allow attackers to conduct various forms of malicious and cybercriminal activities, putting the user at risk.
The vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) numbers: CVE-2022-32894 for the kernel vulnerability and CVE-2022-32893 for the WebKit vulnerability. In each case, the discovery of the vulnerabilities was attributed to an anonymous researcher.
Apple didn’t say how many users were affected by the vulnerabilities, but the warning about active bug exploitation suggests cyberattackers are already on the hunt for victims.
Most users are unlikely to be actively targeted by cyber attackers looking to exploit vulnerabilities – these are more likely to be exploited by commercial spyware operators and state-backed hacker groups – but it is always good to apply security updates as soon as possible in order to stay safe.
Applying security updates to any device or operating system regularly is good security practice and can go a long way in protecting devices and people from cyberattacks.
(function(d, s, id) var js, fjs = d.getElementsByTagName(s); if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/fr_FR/all.js#appId=243265768935&xfbml=1"; fjs.parentNode.insertBefore(js, fjs); (document, 'script', 'facebook-jssdk'));