scorecardresearch
Saturday, Oct 01, 2022

Explained: The vulnerabilities in Apple that India’s IT Minister has flagged — and why you must update your iPhone now

Apple has recommended immediately updating most of its newer iPhones, iPads, and Macs to the latest software and OS versions that it has rolled out

People shop at an Apple Store in Beijing. Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs. The software flaws could potentially allow attackers to take complete control of these devices, Apple said. (AP Photo/Andy Wong, File)

Apple has released operating system updates this week for iPhones, iPads, and Macs that look to fix two serious vulnerabilities that can potentially allow hackers to take complete control of the device.

Minister of State for Electronics & IT Rajeev Chandrasekhar tweeted on Friday (August 19) morning: “Update your iPhones with 15.6.1 to avoid zero-day exploit vulnerabilities @IndianCERT @GoI_MeitY Apple releases iOS, iPadOS and macOS security fixes for two zero-days under active attack”.

What are these security flaws?

As per the security update report on the Apple website, an application may be able to execute arbitrary code with ‘kernel’ privileges. Kernel is the core of the code for operating systems. Gaining access to this could give the hacker unrestricted control over the hardware and software of an affected device.

The other flaw pertained to the WebKit, which is the engine that powers Apple’s Safari Internet browser and other apps. Apple said the WebKit bug could be exploited if a vulnerable device accessed or processed “maliciously crafted web content [that] may lead to arbitrary code execution”.

“Apple is aware of a report that this issue may have been actively exploited,” the company said.

What are zero-day flaws?

These are essentially loopholes in a particular software, the existence of which even its developer is unaware of. A zero-day vulnerability is detected only when an attack takes place exploiting one, or when companies discover them and issue fixes. Zero-day loopholes in WhatsApp and Apple’s iMessage have been used earlier to install spyware tools. Pegasus, the spyware developed by the Israeli company NSO Group, also used zero-day vulnerabilities.

What devices are affected by the latest flaws and what should users of these devices do now?

Advertisement

All iPhone models including and after iPhone 6S, all iPad Pro models, iPad Air 2 and later models, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) are affected. Among the computing devices, the Macs running macOS Monterey, and Apple’s Safari Internet browser available for macOS Big Sur and macOS Catalina need to be updated.

Apple has recommended immediately updating these devices to the latest software and OS versions that it has rolled out.

Why is it important to update devices?

Advertisement

According to TechCrunch, some successful exploits, such as those of the NSO Group’s Pegasus, use two or more vulnerabilities together to break through a device’s layers of protections. It’s not uncommon for attackers to first target a vulnerability in the device’s browser as a way to break into the wider operating system, granting the attacker wide access to the user’s sensitive data.

Subscriber Only Stories
How European colonisers observed and documented Durga Puja celebrations i...Premium
Useless meetings waste time and $100 million a year for big companiesPremium
Jasprit Bumrah has Sushil Kumar like intimidating aura, without him India...Premium
To better track PLI claims, Govt floats digital platforms for data sharingPremium

Software and hardware OEMs regularly release software updates to keep devices up to date with the latest security flaws and vulnerabilities. It is advisable to keep updating devices as soon as each update is available.

First published on: 19-08-2022 at 02:27:14 pm
Next Story

Tamil Nadu: After video by tribal woman alleges apathy, Chengalpet collector takes action

Latest Comment
Post Comment
Read Comments
Advertisement
Advertisement
Advertisement
Advertisement