Apple Releases Urgent Security Updates for iPhone After Hackers Exploit Gaps

Hackers have exploited vulnerabilities in Apple’s Safari web browser and the iPhone, iPad, and Mac operating systems, prompting Apple to issue security updates.
Apple Releases Urgent Security Updates for iPhone After Hackers Exploit Gaps
A woman uses an iPhone mobile device as she passes a lighted Apple logo at the Apple store at Grand Central Terminal in New York on April 14, 2023. Mike Segar/Reuters
Tom Ozimek
Updated:
0:00

Apple has released urgent security updates for its iOS and other operating systems to patch against vulnerabilities that both the tech giant and U.S. cyber security officials say are being actively exploited by hackers.

Apple’s security updates patch gaps in operating systems for the iPhone, iPad, and Mac products, as well as its Safari web browser.

Specifically, the software updates target iOS and iPad 17.1.2, macOS 14.1.2, and Safari 17.1.2, with Apple noting that the patches fix two vulnerabilities in WebKit, the browser engine that powers Safari and other apps.
The vulnerabilities, which Apple said were discovered by Google’s Threat Analysis Group, allow hackers to plant spyware or other types of malicious code on users’ devices over the internet.

More Details

One of the Webkit vulnerabilities allows hackers to steal users’ sensitive information that is exposed while processing web content. The other Webkit gap may lead to arbitrary code execution.

Apple said that the security updates involve improving input validation to address the risk that processing web content may disclose sensitive information. The other gap that could lead to arbitrary code execution was patched by improved locking in order to fix a memory corruption vulnerability.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also took note of the security gaps in the Apple products.

“A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system,” CISA said in an alert.

No information was available as to who may be exploiting these vulnerabilities.

The security updates for iOS and iPadOS are available for the following: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
The security updates for the Mac operating system are available for macOS Sonoma 14.1.2.
Those for the Safari web browser are available for macOS Monterey and macOS Ventura.

Police Warnings About New iPhone Feature

Earlier, police and sheriff’s departments in multiple states issued warnings about an update on the iPhone and other Apple devices, known as NameDrop, that allows users to share contact details by holding two devices together.

The Middletown Division of Police in Ohio, the Mount Pleasant Department in Wisconsin, and the Henry County Sheriff’s Office in Tennessee, among others, posted warnings on social media regarding the feature.

“If you have an iPhone and have done the recent iOS 17 update. They have set a new feature called NameDrop to default to ON,” the Mount Pleasant Department warning stated. “ This allows the sharing of contact info just by bringing your phones close together. To shut this, off go to Settings, General, AirDrop, and Bringing Devices Together. Change to OFF.”

According to the department’s bulletin, the intent of the warning was to make the public aware of a problem that may not be easy to spot.

“This is intended for the public to be aware of as this is something that can easily be mistaken or looked past by elderly, children or other vulnerable individuals,” the department wrote. “The intentions of the information provided is to inform the public of this feature and adjust their settings as needed to keep their own or their loved ones’ contact information safe.”

In response to the warnings, an Apple spokesperson told USA Today and other outlets that the NameDrop feature is designed to share details “with only intended recipients” and that no contact information is automatically shared when two devices are close as the user must first take action.

“If NameDrop appears on a device and the user does not want to share or exchange contact information, they can simply swipe from the bottom of the display, lock their device or move their device away if the connection has not been established,” the spokesperson said.

The company spokesperson added that “before a user can continue with NameDrop and choose the contact information they want to share, they will need to ensure their device is unlocked. NameDrop does not work with devices that are locked.”

It’s unclear if there have been any cases of hackers stealing users’ personal details via the feature.

Jack Phillips contributed to this report.
Tom Ozimek
Tom Ozimek
Reporter
Tom Ozimek is a senior reporter for The Epoch Times. He has a broad background in journalism, deposit insurance, marketing and communications, and adult education.
twitter
Related Topics