Apple Security Flaw Could Let Hackers Control iPhones, iPads And Macs—What You Need To Know And How To Fix It

Forbes
Published 5 months ago
Apple Store Opens In Knightsbridge

TOPLINE

Apple has warned of serious security flaws for iPhones, iPads and Macs that could allow hackers to take complete control of devices and may have been “actively exploited,” urging customers to update their devices as soon as possible in a rare admission from the tech giant that takes pride in its security measures.

KEY FACTS

Apple dropped two surprise software updates on Wednesday to fix major security vulnerabilities it said could allow hackers to take complete control of users’ devices. 

Updates have been made available to affected devices, which include the iPhone 6s and later models, all iPad Pro models, the iPad Air 2 and later, the iPad 5th generation and later, the iPad mini 4 and later, the iPod touch 7th generation and Mac computers running macOS Monterey.

Security experts have urged affected users to update software swiftly in order to fix the flaw and secure their devices. 

To update software on an iPhone, iPad or iPod touch—either iOS 15.6.1 or iPadOS 15.6.1—go into “Settings,” tap “General,” then “Software Update” and “Download and Install.”

To update a Mac running macOS Monterey, go to “System Preferences,” then “Software Update” and hit “Update Now” or “Upgrade Now.” 

Apple did not disclose how many people had been affected by the vulnerabilities but said it is aware of credible reports that both had been “actively exploited.

WHAT WE DON’T KNOW

How the vulnerabilities were discovered. Apple provided few details on how it became aware of the flaws or who had made the discoveries, crediting both to anonymous researchers. There have been no confirmed reports so far of cases where the vulnerabilities were used against users or their devices. In its security reports, Apple said it does not disclose, discuss or confirm any security issues until after an investigation has occurred and patches are available.

KEY BACKGROUND

Vulnerabilities discovered before the producer, in this case Apple, is aware of them are known as zero-day vulnerabilities, referring to the fact that the creator has zero days warning to counter it. Such flaws can be extremely valuable and both hackers and vendors will pay large sums of money to get ahold of them. While serious flaws have been exploited to spy on users through smartphones—Israeli firm NSO Group has allegedly hacked high-profile journalists and world leaders—they are often directed at high-profile individuals rather than the public at large. 

FURTHER READING

Apple releases iOS, iPadOS and macOS security fixes for two zero-days under active attack (TechCrunch)

By Robert Hart, Forbes Staff