Two vulnerabilities in the operating systems


Düsseldorf. Unusually soon after updating its operating systems last month, Apple is again releasing an iOS update. The Californians have to close two critical security gaps that could be “actively exploited” by cyber attackers, the company said.

Most of the group’s devices running the current versions of the operating systems are affected: iPhones and iPads running iOS or iPadOS 15, as well as MacBooks and other Apple computers running macOS Monterey. Users should install the current versions iOS 15.6.1, iPadOS 15.6.1 and macOS Monterey 12.5.1 on their respective devices as soon as possible.

An “anonymous researcher” drew the company’s attention to the gaps. One vulnerability affects WebKit, the software used to display content in Apple’s own Safari browser. Unlike on Apple computers, other browsers on iPhones and iPads also use WebKit, making mobile devices even more vulnerable. The other vulnerability affects the “kernel”, i.e. the program core of the operating systems.

The pairing of the two vulnerabilities is an alarming sign for experts. This could give attackers “basically full access to the device,” says Rachel Tobac, head of SocialProof Security, a San Francisco-based IT security consultancy.


Users who have not yet applied the security update would only need to visit a specific website for hackers to use the vulnerability in WebKit to inject malware onto their devices. From there, the attacker could reach the core of the operating system via the second vulnerability and access important data.

According to Apple, the following devices are affected:

  • iPhone 6s (2015) and later

  • iPad 5th generation (2017) and later

  • iPad mini 4th generation (2015) and later

  • iPad Air 2nd generation (2014) and later

  • iPad Pro (all types)

  • iPod touch 7th generation (2019)

Apple’s software used to be considered safe from hacker attacks and computer viruses. In recent years, however, the company has repeatedly had to release emergency updates to close security gaps that cyber attackers could have exploited.

Apple: The security gaps are piling up

The reason for this lies in Apple’s success. The Californians used to sell mainly less networked iPods and niche computers for a smaller group of users. For cybercriminals, an attack was often not worthwhile simply because of the small number of users; an attack on Windows systems almost always seemed more worthwhile.

Meanwhile, however, Apple is a big player in the tablet market. According to the IT consultancy Strategy Analytics, the company also sold 48 million smartphones in the second quarter of 2022, giving it a global market share of 16 percent. This makes Apple devices valuable targets for hackers.

However, Apple is also closing more gaps in its own systems because the tech group has offered a reward for experts who find vulnerabilities and report them to the group. As a result, users are more aware of the security risks, while the risk of unnoticed security gaps that hackers could exploit is decreasing.
