Apple warns of security flaw that lets hackers take full control of iPhones

19 Aug 2022


The tech giant has issued software updates to fix two vulnerabilities that may have been exploited to give hackers full control of devices.

Apple has disclosed two security flaws that could potentially allow attackers to gain full control of iPhone, iPad and Mac devices.

The tech giant has issued software patches to address the vulnerabilities and is urging users to update their devices.

Apple said it is aware of a report that these security issues “may have been actively exploited”, but it did not disclose how many users might have been affected.

The vulnerabilities affect certain versions of iOS, iPadOS and MacOS Monterey. In a security report, Apple attributed the discovery of these security flaws to an anonymous researcher.

The first is an out-of-bounds write vulnerability in the operating system’s kernel. The kernel is a core component of an operating system and has the highest privileges.

An application may be able to exploit this vulnerability to execute code with kernel privileges, giving hackers the ability to execute any commands and effectively take control of the device.

The second vulnerability was discovered in WebKit, the browser engine used by Safari and other apps that can access the web. This flaw may allow hackers to execute arbitrary code on devices that access malicious websites.

A hacker can use arbitrary code execution to try to achieve administrator control of a device.

These types of vulnerabilities have been exploited by malicious actors in the past, notably with the use of Pegasus spyware. Last September, Apple issued an urgent update to address a security flaw that could be exploited to infect iOS devices with the spyware.

The latest security update has been issued for iPhone 6S and later models, the iPad Air 2 and later, iPad fifth generation and later, some iPod Touch models, all iPad Pro models and Macs running MacOS Monterey.

Rachel Tobac, CEO of SocialProof Security, said those who should prioritise updating their software are people “in the public eye” such as activists or journalists who might be the targets of sophisticated spyware.


Leigh Mc Gowran is a journalist with Silicon Republic
