TOC
Patch your Apple devices now to fix these dangerous exploits
If you are an Apple user, whether you own a Mac, iPhone, iPad, or Apple Watch, you should update your devices as soon as possible. Indeed, Apple has discovered three actively exploited vulnerabilities that could cause serious damage to your devices, and patches are already available to fix them.
One of the bugs was discovered in Apple’s security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug involves the WebKit browser engine and could give a malicious actor the ability to execute arbitrary code when a victim views a certain web page.
The third exploit was a flaw in the kernel of a target device that allowed an attacker to elevate their own privileges in the system, even though this required the person to have physical access to the device.
Commenting on these findings, Apple said: “Apple is aware of a report that this issue may have been actively exploited” on its devices in the wild.
Affected devices span the full range of Apple products and include iPhone 8 or later, iPad mini 5th generation or later, Apple Watch Series 4 or later, and any Mac running macOS Monterey or later. If you have one of these devices, it is important that you check for updates as soon as possible.
Apple devices are not invulnerable
Bypassing security measures, running malicious code, and gaining higher than intended system privileges could be very dangerous to a victim’s system and highlight the ever-present threat of hackers and cybercriminals.
The number of bugs discovered – and the wide range of devices they affect – make this a particularly serious incident. This also aptly demonstrates that Apple products are not invulnerable and can be affected by malware.
The three exploits were discovered by Maddie Stone of Google’s Threat Analysis Group and Bill Marczak of the Citizen Lab at the University of Toronto’s Munk School. Just over a week ago, Citizen Lab announced the discovery of another major exploit that affected almost every application and web browser that could display WebP images, making it a major threat to millions of users around the world.
Fortunately, Apple acted quickly to fix the three bugs discussed earlier in this article. The fixes have been deployed in macOS 12.7 and 13.6, iOS 16.7 and iOS 17.0.1, iPadOS 16.7 and 17.0.1, and watchOS 9.6.3 and 10.0.1. Make sure to update your devices as soon as possible to ensure their security.
