Several serious security vulnerabilities on iPhones, iPads, and Macs have been fixed, which Apple said could have been used to gain complete control of victims’ devices.
Security experts recommend updating affected devices, including the iPhone 6S and later models, all iPads capable of running iPadOS 15, and Mac computers running MacOS Monterey. The fix for the exploits is included in the iOS 15.6.1, iPadOS 15.6.1 and macOS Monterey 12.5.1 updates issued 17th of August 2022.
Applications, like malware, can take advantage of this vulnerability to execute code with kernel privileges, taking complete control of the device.
In Apple’s explanation, a hacker could gain “full admin access to the device,” enabling them to “execute any code as if they were you, the user,” said Rachel Tobac, CEO of SocialProof Security.
The majority of high-end spyware takes advantage of WebKit vulnerabilities and previous iMessage flaws to gain access to phones without the victim’s knowledge. To find and exploit flaws that even Apple is unaware of, intensive research is needed, and attacks can cost nations millions of dollars.
Who can be targeted in these attacks?
Public figures such as activists, journalists, business leaders, politicians or social media personalities are at a greater risk of attack due to social and monetary motivations from hackers. It is recommended that anyone in the public eye update their Apple software to patch the vulnerability urgently.
Generally, these zero-days are mostly used in targeted attacks, but it’s still strongly advised to install the newest Apple security updates on all owned apple devices.