Cupertino. Apple has released a series of software updates for its devices that close two vulnerabilities which may already have been exploited. One of the vulnerabilities was in Apple’s WebKit software, which is used to display content in web browsers. Specially crafted websites could use the flaw to run arbitrary code, Apple explained.
“Simply put, a cybercriminal could place malicious software on your device if you have only looked at an otherwise harmless website,” Sophos, the IT security company, warned on Thursday.
This vulnerability put iPhones and iPads at even greater risk than Mac computers, because on the mobile devices all browsers run on WebKit, not only Apple’s own Safari. The second vulnerability was in the kernel, the central part of the operating system. An attacker who has already gained access to the device can use it to access any data on it, Sophos stressed.
Such vulnerabilities are considered very valuable and are usually exploited in a targeted manner by intelligence agencies and developers of surveillance software. A particularly well-known example is the Pegasus software from the Israeli spyware company NSO, which also exploited vulnerabilities on Apple devices.
For the vulnerabilities that have now been fixed, Apple credited information from an anonymous researcher. The iPhone maker, like other companies, pays rewards for information about discovered vulnerabilities. In recent years, Apple has repeatedly disclosed vulnerabilities when releasing updates.
Users have to take action themselves to install the software updates. The current operating system versions are iOS 15.6.1 for the iPhone, iPadOS 15.6.1 for the tablets and macOS Monterey 12.5.1 for Apple’s computers.