Apple has disclosed serious security vulnerabilities for iPhones, iPads and Macs, which could potentially allow attackers to take complete control of devices. Apple added that it is “aware of a report that this issue may have been actively exploited”. Security experts have advised users to urgently update affected devices – the iPhone 6S and later models, newer iPads, and Mac computers running macOS Monterey. It also impacts some iPod models. In a security update on its support page, Apple said one of the flaws means a malicious application “may be able to execute arbitrary code with kernel privileges”. More information: https://news.sky.com/story/apple-discloses-serious-security-vulnerabilities-for-iphones-ipads-and-macs-12676245 

Andy Norton, European Cyber Risk Officer
InfoSec Expert
August 19, 2022 2:28 pm

This clearly has wide-reaching implications. Apple products have become a mainstay of everyday life. Facial recognition, banking apps, health data, pretty much everything we hold dear resides on our Apple products. Historically, many people have not updated their Apple products for fear of shortening the life span of their devices; that behaviour now must change. Follow the guidance, patch now.

Jamie Akhtar, CEO and Co-founder
InfoSec Expert
August 19, 2022 2:28 pm

This story perfectly illustrates why regularly updating your devices with the latest versions of software is so important. Flaws like this are somewhat inevitable in software and hackers will always find them. However, software companies are typically very good at ‘patching’ any flaws very quickly and release these fixes as updates. By regularly installing any updates, you’re effectively ensuring your device’s security doesn’t have holes in it and mitigating a lot of cyber risks. So update quickly and often!

Sam Curry, Chief Security Officer
InfoSec Expert
August 19, 2022 2:27 pm

Regardless of Apple’s recent disclosure of a serious vulnerability affecting millions of iPhones, iPads and Macs, it wouldn’t be prudent for anyone to panic. While the vulnerability could allow threat actors to take full control of a device, stay calm and simply get control of your devices and download the software updates available from Apple. Do that and move on. In a rare case, will we find out how threat actors were able to exploit the current vulnerabilities. Overall, follow Apple instructions if you think you are infected and consult your IT department at work, school, etc, as needed for more information. With billions of Apple devices in use around the world, security can’t be a luxury for Apple and it’s not; it’s a responsibility they take seriously. Failing is ok as no one is perfect. Failing consistently is not. Generally, Apple is a more secure platform, but they must continue to invest and demonstrate that continued commitment going forward.

John Goodacre, Director of UKRI’s Digital Security and Professor of Computer Architectur
InfoSec Expert
August 19, 2022 2:26 pm

Unfortunately, we live in a world where those developing software must continuously introduce fixes. Equally, customers too must apply those patches, often with some urgency to address the vulnerabilities. Until we can build security in by design, such stories demonstrate the importance of updating one’s devices regularly.

Tom Davison, EMEA Technical Director
InfoSec Expert
August 19, 2022 2:25 pm

Apple have released few details about the vulnerabilities other than the fact that they can allow ‘full admin access’ and have been ‘actively exploited in the wild’. This makes them as bad as it can get and users should update as soon as possible. There are several known examples of previous vulnerabilities being exploited to deliver spyware to devices, such as NSO Group’s Pegasus. This can happen even without any user interaction. While most users are unlikely to have been targeted, when considering the sensitivity of data on our devices – both personal and corporate – protection from compromise should be a number one priority.
