A leading federal cybersecurity agency on Thursday urged users and administrators to update several older iPhone models and older macOS versions due to a security flaw after Apple issued an update this week.
Apple announced this week that it released security updates to address a vulnerability in its iPhone 5, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and 6th generation iPod touch.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a Thursday bulletin that without the updates, “exploitation of this vulnerability could allow an attacker to take control of affected device.”
“CISA encourages users and administrators to review Apple’s advisory ... and apply necessary updates,” the alert said.
The security flaw is fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1, according to Apple. The Cupertino, California-based tech giant is calling on users to upgrade to the latest versions.
Apple’s security updates, pushed out Wednesday, address an issue that could be exploited by a malicious actor and can enable them to take over the affected device. It’s the same issue that Apple patched in new iOS and macOS versions in mid-August.
The bug, CVE-2022-32894, allows for “processing [of] maliciously crafted web content [that] may lead to arbitrary code execution.”
The company said that it is aware of a report that the bug “may have been actively exploited,” meaning that hackers may already be targeting users.
“An attacker could lure a potential victim to a specially crafted website or use malvertising to compromise a vulnerable system by exploiting this vulnerability,” security and anti-virus firm Malwarebytes wrote in a blog post on Thursday about the latest update. “Since the vulnerability exists in Apple’s HTML rendering software (WebKit). WebKit powers all iOS web browsers and Safari, so possible targets are iPhones, iPads, and Macs which could all be tricked into running unauthorized code.”
“The issue is that if a web page is constructed in a certain way, it can cause code to execute on the device outside of the normal containment and effectively create a malware situation on the device that could compromise data, contacts, location, insert malicious SW, etc.,” said Jack Gold, principal analyst at J. Gold Associates, according to Computer World. “So it’s a big deal.”
To update the software on an iPhone, iPad, or iPod touch, go to the Settings section. From there, tap General before tapping Software Update.
Review the update before tapping “Download and Install” to update the device.
On a Mac computer, go to System Preferences, then click on Software Update before clicking either Update Now or Upgrade Now. Users can also go to the App Store and click on the Updates tab.