A security expert said users of iPhones and other Apple devices need to update their software immediately, after the firm issued a series of updates last week.
Apple issued software fixes in iOS 15.6.1, including one for a vulnerability in the iPhone kernel, tracked as CVE-2022-32894, that can allow an application to execute code with kernel privileges.
“Apple is aware of a report that this issue may have been actively exploited,” Apple stated on its support page last week.
The other issue fixed in iOS 15.6.1 is a flaw in WebKit, the engine that the Safari browser uses, tracked as CVE-2022-32893. The flaw could allow for code execution via Safari.
While Pierson noted that Apple revealed few details about the security flaw, it means that users’ files and pictures could be vulnerable.
The first security vulnerability targets the device’s kernel, Pierson told the media outlet. The kernel is “the heart and brains of every Apple device–that a fundamental flaw in it could allow any external attacker, used by a nation-state intelligence agency, the ability to access your entire device.”
“The second is a flaw in what’s called WebKit,” he said. “WebKit is the brains behind the Safari web browser. So what this means is that if somebody were to go ahead and put malicious code on a website—and they were to be triggered by Safari—that your device could be, if you weren’t patched, compromised once again.”
But another cybersecurity expert said the bug fix is “pretty run of the mill.”
“Apple has released security updates to address vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari. An attacker could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page,” the bulletin reads.