This week, a federal agency sent a warning about a vulnerability that impacts iPhones, iPads, MacBooks, and other Apple devices, saying that it could lead to major security breaches.
The bulletin also said that the agency issued a “binding operational directive” to issue updates to fix the problem, requiring federal civilian agencies to “remediate identified vulnerabilities by the due date to protect” its “networks against active threats.”
According to CISA, the agencies were given about three weeks to patch the issue. The deadline was set for Feb. 21, 2024.
But CISA also warned that it “strongly urges all organizations,” such as companies, to respond to the bug.
On a separate website, officials say that the issue has been fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, and tvOS 16.2. “An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1,” the bulletin said.
In a separate instance last month, CISA sent out an advisory for iPhone and other iOS users to update their products for another security issue.
As usual, Apple provided few details about the fixes in the latest update, which applies to iPhones and iPads. But one of the fixed issues, known as CVE-2024-23222, was a vulnerability in WebKit, the browser engine that powers Safari, that could allow an actor to execute code on a device.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited,” the Cupertino-based tech giant said on Jan. 22.
Several other bugs that impact WebKit, Safari, reset services, mail, kernel (the core of an operating system), and more were fixed in the update, according to Apple’s support page.
Two WebKit issues also could lead to remote code execution, while the kernel problem could allow an attacker to execute code through an app, it said.
“For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page,” the company said.
Here’s How to Update
The update will be automatic for many iPhone users, but it depends on their phone settings. Users can go to the iPhone’s Settings before tapping General, then tapping Software Update to download and install iOS 17.3 (or iOS 16.7.5 or iOS 15.8.1 for older models), as well as the aforementioned security fixes. That download can be accessed regardless of whether the user has automatic updates turned on or off.