Apple has disclosed serious security vulnerabilities for iPhones, iPads and Macs, which could potentially allow attackers to take complete control of devices. Apple added that it is “aware of a report that this issue may have been actively exploited”. Security experts have advised users to urgently update affected devices – the iPhone 6S and later models, newer iPads, and Mac computers running macOS Monterey. It also impacts some iPod models. In a security update on its support page, Apple said one of the flaws means a malicious application “may be able to execute arbitrary code with kernel privileges”. More information: https://news.sky.com/story/apple-discloses-serious-security-vulnerabilities-for-iphones-ipads-and-macs-12676245
This clearly has wide-reaching implications. Apple products have become a mainstay of everyday life. Facial recognition, banking apps, health data: pretty much everything we hold dear resides on our Apple products. Historically, many people have not updated their Apple products for fear of shortening the life span of their devices; that behaviour now must change. Follow the guidance, patch now.
This story perfectly illustrates why regularly updating your devices with the latest versions of software is so important. Flaws like this are somewhat inevitable in software and hackers will always find them. However, software companies are typically very good at ‘patching’ any flaws very quickly and release these fixes as updates. By regularly installing any updates, you’re effectively ensuring your device’s security doesn’t have holes in it and mitigating a lot of cyber risks. So update quickly and often!
Regardless of Apple’s recent disclosure of a serious vulnerability affecting millions of iPhones, iPads and Macs, it wouldn’t be prudent for anyone to panic. While the vulnerability could allow threat actors to take full control of a device, stay calm and simply get control of your devices and download the software updates available from Apple. Do that and move on. Only in a rare case will we find out how threat actors were able to exploit the current vulnerabilities. Overall, follow Apple's instructions if you think you are infected and consult your IT department at work, school, etc., as needed for more information. With billions of Apple devices in use around the world, security can’t be a luxury for Apple and it’s not; it’s a responsibility they take seriously. Failing is OK as no one is perfect. Failing consistently is not. Generally, Apple is a more secure platform, but they must continue to invest and demonstrate that continued commitment going forward.
Unfortunately, we live in a world where those developing software must continuously introduce fixes. Equally, customers too must apply those patches, often with some urgency to address the vulnerabilities. Until we can build security in by design, such stories demonstrate the importance of updating one’s devices regularly.
Apple have released few details about the vulnerabilities other than the fact that they can allow ‘full admin access’ and have been ‘actively exploited in the wild’. This makes them as bad as it can get and users should update as soon as possible. There are several known examples of previous vulnerabilities being exploited to deliver spyware to devices, such as NSO Group’s Pegasus. This can happen even without any user interaction. While most users are unlikely to have been targeted, when considering the sensitivity of data on our devices – both personal and corporate – protection from compromise should be a number one priority.