A newly discovered security exploit is already taking over iPhones, iPads, and other Apple devices in the wild, and Apple people should drop everything and get the latest software update.
Less than three weeks before introducing the newest iPhone is not the best time for Apple to announce that a massive security problem has been found in the last several years’ newest iPhones. But that’s where we are, as CNN reports that an Apple security vulnerability has been discovered, one so severe that the DHS’ Cybersecurity & Infrastructure Security Agency says “An attacker could exploit one of these vulnerabilities to take control of an affected device.”
In typical frustrating Apple language, they downplay it with the technical terminology that “An application may be able to execute arbitrary code with kernel privileges.” But Apple is at least more clear on which devices can be affected, which per Apple, are “iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)”
The Verge explains how to update your Apple software, which is thankfully simple:
iPhone and iPad: Settings > General > Software Update
Mac: System Preferences > Software Update
And do this ASAP, because security blog Dark Reading says the vulnerability is already being exploited in the wild. “The company said it is aware of reports of attackers actively exploiting the bug,” that site reports.
There are actually two security vulnerabilities identified, the more dangerous of the two is to an HTML rendering tool called WebKit. “A booby trapped web page can trick iPhones, iPads and Macs into running unauthorised and untrusted software code,” according to software form Sophos. “Simply put, a cybercriminal could implant malware on your device even if all you did was to view an innocent-looking web page.”
It is a pain, albeit a brief one, to update your software. But the risks massively outweigh the inconvenience, and Apple has at least given their users a heads up.
Related: Apple and Facebook Both Duped By Hackers Posing as Law Enforcement, Handed Over Personal Data [SFist]
Image: Haidan via Unsplash