A security expert said iPhone and other Apple device users need to update their software immediately after the firm issued a series of updates last week.
“The main message on this to everyone is that if you have not updated your device, you are 100 percent vulnerable right now, so go immediately update it,” BlackCloak CEO Chris Pierson told Yahoo Finance on Aug. 21.
Apple issued software fixes in iOS 15.6.1, including a fix for a vulnerability in the iPhone kernel, tracked as CVE-2022-32894, that can allow an application to execute code at the kernel level.
“Apple is aware of a report that this issue may have been actively exploited,” Apple stated on its support page last week.
The other issue fixed in iOS 15.6.1 is a flaw in WebKit, the engine that the Safari browser uses, tracked as CVE-2022-32893. The flaw could allow code execution via Safari.
Although Apple revealed few details about the security flaw, Pierson noted, it means that users’ files and pictures could be vulnerable.
The first security vulnerability targets the device’s kernel, Pierson told the media outlet. The kernel is “the heart and brains of every Apple device–that a fundamental flaw in it could allow any external attacker, used by a nation-state intelligence agency, the ability to access your entire device.”
“The second is a flaw in what’s called WebKit,” he said. “WebKit is the brains behind the Safari web browser. So what this means is that if somebody were to go ahead and put malicious code on a website—and they were to be triggered by Safari—that your device could be, if you weren’t patched, compromised once again.”
But another cybersecurity expert said the bug fix is “pretty run of the mill.”
“Bugs in software are really common; it happens all the time. It’s not unusual for your phone to update to fix a problem,” Robert Pritchard, founder of tech security service The Cyber Security Expert, told INews. “I’m not entirely sure why this has caused such concern—it’s pretty run of the mill.”
The security flaw prompted an alert last week from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), a sub-division of the Department of Homeland Security.
“Apple has released security updates to address vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari. An attacker could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page,” the bulletin reads.