Apple said it has discovered two serious security flaws in iPhones, iPads, and Macs, which could potentially allow attackers to take complete control of devices.
The company disclosed that the phones affected by the flaws include all iPhone 6s models and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
To address this, Apple has released emergency security updates and advised the users of the devices to update their software to avoid attacks.
The two vulnerabilities were found in WebKit, the browser engine that powers Safari and other apps, and the kernel, essentially the core of the operating system.
What Apple is saying
- Apple in a security update said the WebKit bug could be exploited if a vulnerable device accessed or processed “maliciously crafted web content that may lead to arbitrary code execution,” while the second bug allowed a malicious application “to execute arbitrary code with kernel privileges,” which means full access to the device. The two flaws are believed to be related.
- Apple added that it is “aware of a report that this issue may have been actively exploited,” meaning that any devices that have not been updated could be running the risk of attack.
- Apple did not give any further information on how many users were affected by the vulnerability. The warning to users comes ahead of its traditional September launch of the latest iPhone – expected this year to be named the iPhone 14.