Date: 2022-08-19

Apple users have been told to update their software to block potential intrusions after the tech giant discovered serious security vulnerabilities in its iPhones, iPads and Macs.

It said zero-day software flaws could allow attackers to take full control of these devices.

Cybersecurity experts warn that hackers can track users’ location, read messages, view someone’s contact list, and even access their microphone and camera.

Here MailOnline answers all the important questions and tells you what to do to protect yourself.

What happened?

Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could allow attackers to take full control of these devices.

The company released two security reports on the issue on Wednesday, although they did not receive widespread attention outside of technical publications.

Apple said the vulnerability meant a hacker could gain “full administrative access” to the device.

That would allow intruders to impersonate the device’s owner and then run software in their name, said Rachel Tobac, CEO of SocialProof Security.

Andy Norton, Chief Cyber Risk Officer at Armis, said: “Obviously this has far-reaching implications.

“Apple products have become a mainstay of everyday life, facial recognition, banking apps, health data, pretty much everything we hold dear is on our Apple products.

“Historically, many people have not updated their Apple products for fear of shortening the lifespan of their devices. That behavior has to change now.”

Which devices are affected?

The two vulnerabilities were found in WebKit, the browser engine that powers Safari, and the kernel, the core of the operating system.

Security experts have advised users to update affected devices including iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models, and the iPad Air 2; and Mac computers running macOS Monterey.

The flaw also affects some iPod models.

Apple announced on Wednesday that they discovered security flaws in their iPhones, Macs, iPads and watches

Who is at risk?

Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it credited an anonymous researcher.

However, commercial spyware companies, such as the Israeli NSO Group, are known for identifying and exploiting such flaws.

NSO Group is blacklisted by the US Department of Commerce. Its spyware is known to have been used against journalists, dissidents and human rights activists in Europe, the Middle East, Africa and Latin America.

Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple just patched.

The company has previously acknowledged similar serious flaws and noted, according to Strafach, that it was aware of reports that such vulnerabilities had been exploited.

Those who should pay particular attention to updating their software are “people in the public eye,” such as activists or journalists who may be targets of sophisticated espionage by nation-states, Tobac said.

What would happen if the vulnerability were exploited?

In an update on its support page, Apple said one of the flaws means a malicious application “could potentially run arbitrary code with kernel privileges.”

This means that an attacker who gains access to an Apple device could potentially take over the entire operating system, acquiring the kind of “administrative superpowers” normally reserved for Apple itself.

This allows them to change system security settings, take screenshots, find your location, use cameras on the device, copy text messages, and monitor your browsing.

There’s also a remote code execution hole in Apple’s HTML rendering software (WebKit), meaning that a booby-trapped webpage can trick iPhones, iPads, and Macs into running unauthorized and untrusted software code.

Independent security researcher Sean Wright said the two vulnerabilities “could be linked together so that remote attackers can gain full access to victims’ devices.”

In an update on its support page, Apple said one of the flaws means a malicious application “could potentially run arbitrary code with kernel privileges” — which has been described as full access to the device.

“Apple has revealed some pretty serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow hackers to take full control of these devices,” Jake Moore, Global Cybersecurity Advisor at ESET Internet Security, told MailOnline.

“If exploited, attackers can see your location, read messages, view contact lists, and possibly even access the microphone and camera — all things you don’t want there.

“Everyone should be careful in updating their devices, but those in the public eye, such as activists, politicians and journalists, should act more quickly because they were previously targets of nation-state espionage.

Commercial spyware company NSO Group is known for identifying and exploiting bugs in Apple’s iOS and then deploying malware to infect smartphones to steal data and monitor targets in real time.

“It’s better to be safe than sorry and that’s why it’s vital to update all devices immediately, which doesn’t take long over Wi-Fi.”

How did Apple discover the vulnerability?

The company has yet to disclose how the bugs were found, except to name “an anonymous researcher.”

It also didn’t say where in the world the bugs were exploited, who exploited them or for what purpose.

Apple has simply said, “For the protection of our customers, Apple will not disclose, discuss, or confirm security vulnerabilities until an investigation has been completed and patches or releases are available.”

Brian Higgins, security specialist at Comparitech, said: “Apple usually relies on software updates to keep their platforms safe and hopes that any ‘bugs’ go largely unnoticed between releases.

“It’s rare for them to become public in this way, which means everyone should take this threat seriously and update as soon as possible.”

What are Zero Day Exploits?

The two vulnerabilities patched by Apple on Wednesday represent the sixth and seventh “zero-day” exploits Apple has had to fix this year.

These are software vulnerabilities that are discovered by attackers before the vendor is aware of them.

Because the vendor is not aware of them, no patch exists for zero-day vulnerabilities, making attacks more likely to succeed.

How can you protect yourself?

Cybersecurity experts have advised people to urgently update the affected devices.

Updating your phone…

Go to Settings > General > Software Update.

Updating your Mac…

Go to System Preferences > Software Update.


The update for iOS and iPadOS is version 15.6.1

For macOS this is version 12.5.1

For tvOS this is version 15.6

For watchOS for Apple Watch Series 3, this is version 8.7.1

For watchOS for Apple Watch Series 4, 5, SE, 6 and 7, this is version 8.7

Apple says, “This update provides important security updates and is recommended for all users.”

The company has not released any further details on how many users are affected by the vulnerability.

Sam Curry, chief security officer at Cybereason, said, “Regardless of Apple’s recent disclosure of a serious vulnerability affecting millions of iPhones, iPads and Macs, it wouldn’t be wise for anyone to panic.

“While the vulnerability could allow cybercriminals to take full control of a device, you should stay calm and just take control of your devices and download Apple’s software updates. Do that and move on.

“Rarely will we find out how threat actors have been able to exploit current vulnerabilities. In general, if you believe you are infected, follow Apple’s instructions and consult your IT department at work, school, etc. for more information, if necessary.”