Time.news – Install software updates on your Apple products. It is the warning issued directly by the company afterwards the discovery in recent days of a vulnerability in some of the hardware developed by the Cupertino company: an opening (technically a bug) that a hacker with fraudulent intentions could exploit to take control of these devices and dispose of the data. The updates (or patches) have been released in the past few days and promise to fix the problem.
The flaws (technically it is so-called zero-day software vulnerabilitiesor not known to the developers, therefore particularly dangerous) would be two: one concerns the kernel, “the deepest layer of the operating system that all devices have in common”, explained Cupertino.
The other, however, concerns Safari and in particular WebKit, the technology on which the browser is based. The version to install to secure your devices is 15.6.1 for iOS, and 12.5.1 for MacOs Monterey. At risk are: all iPhones 6S and later (i.e. those released from 2015 onwards), all iPads from 5th generation onwards (i.e. released since 2014), including iPad Pros and all Macs with Monterey on board.
Zero-day vulnerabilities are in high demand in the market and are worth a lot of money: precisely because they are not known to software developers and they allow to launch attacks in practice without the victim being able to defend himself. With the two discoveries in August, the Cupertino company has fixed seven zero-day vulnerabilities since the beginning of the year.
“We are aware of a report that this problem may have been actively exploited,” the company said. However, Apple has not disclosed if it has any information on how the problem was exploitedthe vulnerability appears to have been discovered by an anonymous researcher.
The bug would allow intruders to impersonate the owner of the device and subsequently run any software in his name, said Rachel Tobac, CEO of SocialProof Security, a cybersecurity company, as reported by the Guardian.
The ones that should pay particular attention to updating your software they are “people who are in the public eye”, such as activists or journalists who could be the target of sophisticated nation-state espionage, Tobac added to the newspaper.