Apple users urged to update devices after security flaw found
Apple users are advised to install the latest security updates for their devices, in order to patch a vulnerability that allows hackers to execute malicious commands.
The vulnerability affects a slew of products in the Apple ecosystem, including the iPhone, iPad and Mac range of computers and laptops.
In a report on Tuesday, the Singapore Computer Emergency Response Team (SingCert) urged users of the affected products to install the latest security updates immediately.
The updates were issued as a Rapid Security Response – a new type of update introduced in May, and only delivered to users who are on the latest version of Apple’s operating system.
This is the second time that Apple has released such an update, after the one in May.
According to Apple’s website, such updates deliver “important security improvements” in between software updates, as well as “mitigate some security issues more quickly.”
The tech giant had earlier pulled the software updates after they caused issues on certain websites, including Facebook and Instagram. It released newer versions on Thursday morning that have rectified the issue.
The latest vulnerability involves the WebKit browser engine that powers Apple apps, including its Safari web browser, as well as all other browsers on its operating platform.
When a user browses malicious Web content, the flaw allows hackers to insert code into the device, enabling them to execute malicious operating system commands.
In its patch notes, Apple said it was aware of a report that the vulnerability may have been actively exploited, but did not elaborate further.
Affected devices are of the following models:
- iPhone 6s (all models)
- iPhone 7 (all models)
- iPhone SE (1st generation)
- iPhone 8 and later
- iPad 5th generation and later
- iPad 3rd generation and later
- iPad Air 2
- iPad mini 4th generation and later
- iPad Pro (all models)
- iPod Touch (7th generation)
- Macs running macOS Big Sur, macOS Monterey and macOS Ventura
This is the 10th zero-day vulnerability that Apple has patched this year.
Such vulnerabilities refer to security weaknesses that could be exploited by attackers before the software provider is aware of their existence.
SingCert also recommended that Apple users enable automatic software updates, which can be performed by going to Settings > General > Software Updates > Enable Automatic Updates.