On Wednesday, Apple issued an important security warning for users of iPhones, iPads, and Mac computers. Ironically, these warnings received little public attention outside of technology publications. However, Americans should understand that the threat could allow hackers to completely take over one’s devices.
The security threat affects iPhones 6s and later, iPads fifth generation and later, and Mac PCs utilizing the Mac Monterey Operating Software. Also, all iPad Pro devices and all iPad Air 2 models should be updated so that they are not compromised. Fox News is reporting that the iPod Touch 7th generation is also potentially threatened by this malware.
Apple warns that hackers can obtain “full admin access,” which means they can take over the device and “run any software in the device owner’s name.”
The first issue involves “kernel privileges,” which allows the hacker to execute arbitrary code and “perform an operation.” The second issue, is in WebKit, “a layout engine designed to allow web browsers to render web pages.”
Apple’s security professionals are advising users of the above Apple devices to update their devices with the current iOS 15.6.1 update. Most users have likely gotten a reminder from their device to do so. The patches to prevent vulnerability are a part of this latest iOS update.
Apple has not said specifically how they learned of the potential security threat, but AP News gave the example of a commercial spyware company based in Israel that is able to identify and then take advantage of security flaws, the NSO Group. The hacking code is typically hidden in malware, and once in the smartphone, it can steal contact information and “surveil targets in real time.”
NSO Group’s spyware has been utilized in the United States, Latin America, Africa, and in the Middle East. Many times, the malware targets journalists, human rights activists, and dissidents.
Fox News added that “those in the public eye” should be especially vigilant about the update; particularly activists who “might be the targets of sophisticated nation-state spying.”
Tech Monitor is reporting that there have also been similar vulnerabilities in Goodle Chrome, which could inadvertently affect Apple users as well. These threats are referred to as “zero day” flaws. Those with iPads and Mac PCs may have a slightly different update – the iPad update is OS 15.6.1, and Mac update is named macOS Monterey 12.5.1.
The Google vulnerability has given users of Macs, Windows, and Linux operating systems issues as well. The Google threat has been deemed “CVE-2022-2856,” and it is patched in the latest Google update – along with ten other security issues. Tech Monitor reports that consumers using Chromium, which operates Edge, Opera, and Brave, could also be affected by the security vulnerability.
Another security issue has to do with installing Zoom via the Zoom package installer. A vulnerability in the package has been dubbed CVE-2022-28756.
Without the update, Apple software could be vulnerable to hackers, but the patches necessary to protect one’s Apple device are in the aforementioned updates. Apple has yet to say how, by whom, or what users may have been affected by the vulnerability.
Since January, Apple has had to create six patches to prevent hacker vulnerability in its devices. Jake Moore, the global security advisor for ESET, remarked: “(This shows) the persistency of attackers looking for vulnerabilities in popular applications.” Moore added that Mac PCs are often more vulnerable than other Apple devices as many consumers mistakenly believe that the PC is innately protected from viruses and other malware. Moore stressed that it is important for users to install antivirus and other security software in their Macs just as they would any other computer or laptop.