Apple released two security reports on Wednesday disclosing serious security vulnerabilities for iPhones, iPads and Macs that could allow attackers to take complete control of these devices.
“An application may be able to execute arbitrary code with kernel privileges,” the company said. “Apple is aware of a report that this issue may have been actively exploited.”
What are the implications of the breach?
Apple’s explanation of the vulnerability means a hacker could get “full admin access to the device”, meaning they can “execute any code as if they are you, the user,” said Rachel Tobac, CEO of SocialProof Security.
Those who should be particularly attentive to updating their software are “people who are in the public eye” such as activists or journalists who might be the targets of sophisticated nation-state spying, Tobac said.
Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of these flaws, exploiting them in malware that secretly infects a smartphone, takes its contents and surveils the targets in real time.
NSO Group’s spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.
Which devices are affected?
Security experts have advised users to update the following affected devices:
- iPhone 6S and later models
- Several models of the iPad, including fifth generation and later
- All iPad Pro models and the iPad Air 2
- Mac computers running macOS Monterey
- Some iPod models
How do I update my software?
To update the software on your iPhone, iPad or iPod touch, go into Settings.
From there, tap General and then tap Software Update before hitting “download and install”.
To update the software on your Mac computer, go to System Preferences, then go to Software Update and you’ll see either an Update Now or Upgrade Now button.
If you can’t find Software Update in your System Preferences, try going into the App Store and clicking on the Updates tab.