Unusually shortly after an update of the operating systems last month, Apple is once again carrying out an iOS update. Californians have to close two critical security gaps that could be “actively exploited” by cyber attackers, the group said.
Most of the Group’s devices running the current versions of the operating systems are affected – iPhones and iPads with the iOS or iPadOS 15 software generation, as well as Macbooks and Apple computers with the macOS Monterey operating system. Users should install the latest versions iOS 15.6.1, iPadOS 15.6.1 and macOS Monterey 12.5.1 on their respective devices as soon as possible.
An “anonymous researcher” alerted the company to the gaps. The one vulnerability concerns the software “Webkit”, with which content is displayed in Apple’s own browser Safari. Unlike Apple computers, other browsers on iPhones and iPads also use the Webkit software, so mobile devices are even more at risk. The other vulnerability concerns the “kernel”, i.e. the program core of the operating systems.
Especially the duplication of vulnerabilities is an alarming sign for experts. This would allow attackers to “basically get full access to the device,” says Rachel Tobac, head of Socialproof Security, an IT security consultancy based in San Francisco.
Users who have not yet carried out the security update would only have to visit a certain website so that hackers could play malware on their device via the gap in Webkit. From there, the attacker would get to the core of the operating system via the second vulnerability and could access important data.
According to Apple, the following devices are affected:
-
iPhone from the model 6s (2015)
-
iPad from the 5th generation (2017)
-
iPad Mini from the 4th generation (2015)
-
iPad Air from the 2nd generation (2014)
-
iPad Pro (all models)
-
iPod Touch, 7th Generation (2019)
Previously, Apple’s software was considered safe from hacker attacks and computer viruses. In recent years, however, the group has had to repeatedly publish emergency updates to close security gaps that cyber attackers could have exploited.
Apple: The security vulnerabilities are piling up
The reason for this is Apple’s success. In the past, Californians mainly sold less networked iPods and niche computers for a smaller group of users. An attack was often not worthwhile for cybercriminals for mass reasons – an attack on Windows systems almost always seemed more worthwhile.
However, Apple is now a major player in the tablet market. In addition, the company sold 48 million smartphones in the second quarter of 2022, according to the IT consultancy Strategy Analytics, thus achieving a global market share of 16 percent. This makes Apple devices valuable targets for hackers.
However, Apple is also closing more gaps in its own systems because the tech group has offered a reward for experts who find vulnerabilities and report them to the group. As a result, users get more of the security risks. But the risk of unnoticed security vulnerabilities that hackers could exploit is decreasing.
