Apple has released urgent security updates for its iOS and other operating systems to patch against vulnerabilities that both the tech giant and U.S. cyber security officials say are being actively exploited by hackers.
Apple’s security updates patch gaps in operating systems for the iPhone, iPad, and Mac products, as well as its Safari web browser.
More DetailsOne of the Webkit vulnerabilities allows hackers to steal users’ sensitive information that is exposed while processing web content. The other Webkit gap may lead to arbitrary code execution.
Apple said that the security updates involve improving input validation to address the risk that processing web content may disclose sensitive information. The other gap that could lead to arbitrary code execution was patched by improved locking in order to fix a memory corruption vulnerability.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also took note of the security gaps in the Apple products.
No information was available as to who may be exploiting these vulnerabilities.
Police Warnings About New iPhone Feature
Earlier, police and sheriff’s departments in multiple states issued warnings about an update on the iPhone and other Apple devices, known as NameDrop, that allows users to share contact details by holding two devices together.
The Middletown Division of Police in Ohio, the Mount Pleasant Department in Wisconsin, and the Henry County Sheriff’s Office in Tennessee, among others, posted warnings on social media regarding the feature.
“If you have an iPhone and have done the recent iOS 17 update. They have set a new feature called NameDrop to default to ON,” the Mount Pleasant Department warning stated. “ This allows the sharing of contact info just by bringing your phones close together. To shut this, off go to Settings, General, AirDrop, and Bringing Devices Together. Change to OFF.”
According to the department’s bulletin, the intent of the warning was to make the public aware of a problem that may not be easy to spot.
“This is intended for the public to be aware of as this is something that can easily be mistaken or looked past by elderly, children or other vulnerable individuals,” the department wrote. “The intentions of the information provided is to inform the public of this feature and adjust their settings as needed to keep their own or their loved ones’ contact information safe.”
“If NameDrop appears on a device and the user does not want to share or exchange contact information, they can simply swipe from the bottom of the display, lock their device or move their device away if the connection has not been established,” the spokesperson said.The company spokesperson added that “before a user can continue with NameDrop and choose the contact information they want to share, they will need to ensure their device is unlocked. NameDrop does not work with devices that are locked.”
It’s unclear if there have been any cases of hackers stealing users’ personal details via the feature.