Update Apple Devices Now! Hackers Could Exploit New Security Flaws
Representational use only.Image Courtesy: stocksnap
In a frightening warning reminding of the use of the Israeli NSO Group’s Pegasus spyware by several governments to target the phones of journalists, opposition politicians, human rights activists and others, Apple has said that two security flaws in iPhones, iPads and iMacs could allow a hacker to get full access to these devices and execute codes on the user’s behalf.
Though Apple did not provide specific details on the number of users affected by the flaws, it cited an anonymous researcher saying that it is “aware of a report that this issue may have been actively exploited”. According to security researcher Will Strafach, Apple has previously acknowledged similar serious vulnerabilities around 12 times and was aware of reports that they had being exploited.
In two security reports released on Wednesday and Thursday, the Silicon Valley giant said that flaws affects iPhones as old as the 6S model, iPad 5th generation and later, iPad Air 2 and later, iPad mini 4 and later, all iPad Pro models and the 7th generation iPod touch.
The flaws let hackers take control of a device’s operating system to “execute arbitrary code” and infiltrate them through “maliciously crafted web content”, CNN reported. Even iMacs running Apple’s Monterey OS, Safari browser on its Big Sur and Catalina operating systems are exposed to hackers, the company added.
The two vulnerabilities, according to TechCrunch, were discovered in WebKit, the browser engine that powers Safari and other apps, and the kernel, the core of the operating system. The two flaws affect both iOS and iPadOS and macOS Monterey.
The WebKit bug, Apple added, could be exploited if a vulnerable device accessed or processed “maliciously crafted web content [that] may lead to arbitrary code execution” while the second bug allowed a malicious application “to execute arbitrary code with kernel privileges,” which means full access to the device, TechCrunch reported. The two flaws are believed to be related.
Cybersecurity experts have requested Apple users to update their devices with the US Cybersecurity and Infrastructure Security Agency warning that “an attacker could exploit one of these vulnerabilities to take control of an affected device”. Affected users should “apply the necessary updates as soon as possible”, the agency warned.
Essentially, a hacker can get “full admin access to the device” to “execute any code as if they are you, the user,” Rachel Tobac, CEO, SocialProof Security, said. She warned that “people who are in the public eye”, like activists or journalists, should immediately update their devices.
“Apple found two 0-days actively in use that could effectively give attackers full access to device.
For most folks: update software by end of day
If threat model is elevated (journalist, activist, targeted by nation states, etc): update now,” Tobac tweeted.
The NSO Group is infamous for exploiting such flaws, secretly infecting the target’s smartphone, stealing its data and spying on it in real time. The Israeli tech firm, blacklisted by the US Commerce Department, has been used against journalists, dissidents and activists in Europe, the Middle East, Africa, Latin America and India.
Get the latest reports & analysis with people's perspective on Protests, movements & deep analytical videos, discussions of the current affairs in your Telegram app. Subscribe to NewsClick's Telegram channel & get Real-Time updates on stories, as they get published on our website.