You are currently viewing A Serious Security Flaw on Some Apple Devices

A Serious Security Flaw on Some Apple Devices

The giant company Apple has recommended owners of certain models of its products to update the driver software that has a vulnerability that can control these devices.
The Cupertino, Calif.-based company’s website confirmed that this issue includes iPhone version 6 and later, all iPad Pro devices, iPad 5 and later, and all Mac computers.
The new update can be accessed by going to the “Settings” menu and then heading to “Software Update”, where the user will see a note indicating its importance in terms of security for the user.
Apple announced that the previous version of the driver included “an application that may allow the use of arbitrary code” that grants access to the device and allows the hacker to take control of users’ bank accounts as well as photos. and other virtual data on the smartphone.
The vulnerability was discovered by an unknown researcher on the “Web Kit” search engine that supports the Safari browser and the operating system kernel of Apple devices.
In the note published by the American company on the technical support page, a single vulnerability means that only a malicious application will be able to execute arbitrary code using kernel privileges, which means full access to the device. .
Andy Norton, head of cyber risk at Armis, says the vulnerability appears to have significant implications because Apple products have become an essential part of everyday life, and everything we treasure is in those products.
He adds, “Historically, many users have not upgraded their products for fear of shortening the lifespan of their devices, and this behavior needs to stop. »
Apple released two security reports on the issue on Wednesday, though they didn’t get much attention outside of tech publications.
Social Proof Security CEO Rachel Tobak said Apple’s interpretation of the vulnerability meant a hacker could gain “full administrative access” to the device, which would allow hackers to pose as the device owner and run any program on their behalf.
Security experts have advised users to update the affected devices from iPhone 6s phones to the latest versions and this should also be done with many devices of the iPad models including the fifth generation and later versions.
According to experts, the update should include all models of “iPad Pro” and “iPad Air 2”; and Mac computers running Mac OS X Monterey.
The vulnerability may also affect certain iPod models, but Apple did not specify in the reports how or when the vulnerabilities were discovered.
Commercial spyware companies such as Israel’s NSO Group are known to identify and exploit these flaws, exploiting them in malware that surreptitiously infects smartphones, extracts their content and monitors targets in real time.
NSO Group has been blacklisted by the US Department of Commerce.
Spyware from this group is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.
Security researcher Will Stravach said he hadn’t seen any technical scans of the vulnerabilities Apple had just patched.
Apple has previously acknowledged similar critical flaws, which Stravach says have occurred dozens of times, but Apple has also made it clear that it is aware of reports of exploits for such vulnerabilities.
In April 2021, apps used on iPhones needed to get permission from users if they wanted to collect data about them using other apps and browsing the internet.