Apple warns users of major security vulnerability

Apple Inc. has warned users of a serious vulnerability in the security of iPhone, iPad, Mac, and select iPod devices.

On August 17, 2022, the company released two security reports detailing the vulnerabilities, which may allow attackers to seize complete control over affected devices. In the event of a breach, cybercriminals would have the ability to impersonate the owner of the device, downloading and running any software in their name, accessing their personal files and accounts, and more.

In addition to the possibility for criminals to gain “full admin access” to Apple devices, a second breach was discovered in browser engines used by Apple applications like Safari and Mail. This flaw would allow cybercriminals to download malware onto a user’s device.

Apple’s security reports revealed few further details, attributing the discovery of the vulnerabilities to an anonymous researcher.

The affected devices include:

• the iPhone 6S and later models
• the iPad fifth generation and later models
• the iPad Air 2
• all iPad Pro models
• all Mac computers running MacOS Monterey

Security experts have recommended that anyone using these devices update them to the latest version, which includes a security patch for the vulnerabilities. 

Can you protect your devices?

In addition to updating affected devices, users can improve their device security by:

• Using a secure VPN on unsecured networks. A common method for cybercriminals to access users’ devices is through unsecured wi-fi networks, like public wi-fi hotspots. Any data transferred via these networks may be visible to other users of the network. VPN software encrypts user data and traffic, ensuring others can’t access it.
• Changing and strengthening account passwords, especially if you suspect a breach. Criminals can break through weak passwords using a technique called “stuffing.” With this technique, they test common password combinations with user emails. By using strong passwords, users can help prevent these attacks. 
• Only download content from trusted sources. Trusted sources may include apps through the App and Android stores. They tend to employ more rigorous app testing and security protocols. Content downloaded from untrustworthy sources may conceal malware that could infect user devices.

This recent security vulnerability is not the only one Apple has encountered. In July 2021, the company released a similar report detailing a security flaw that was being “actively exploited.” Commercial spyware companies around the world, such as Israel’s NSO Group, have been found to discover and exploit such flaws, which can result in infection with malware, data theft, and user tracking.

Remaining vigilant and prompt when it comes to device updates, password security, and general digital safety hygiene is one of the best ways to stay safe when such breaches are discovered.