Apple has fixed a huge vulnerability in the operating code that powers their franchise, and the fix is available for download now.
The technology giant credited an anonymous researcher for alerting them about an out-of-bounds write issue that their latest patch fixes.
“An application may be able to execute arbitrary code with kernel privileges,” the company explained on a support page. “Apple is aware of a report that this issue may have been actively exploited.”
The 15.6.1 fixes for the serious security vulnerability cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Like a military colonel, the highest field-level rank, a computer kernel is in charge of everything. Any order it processes is obeyed by the device’s operating system and takes precedence over other lower-level instructions. Gaining kernel privileges would allow bad actors to assume complete control of a hardware device to install malware and viruses and steal data such as banking information and passwords. A few lines of malicious code in the kernel could crash the computer, erase all data, or both.
The California-based tech company is notoriously secretive, preferring to unveil new products and technologies at theatrical company launch events. The company’s reputation for maintaining secrecy about products under development is probably envied by U.S. intelligence agencies.
“It’s very rare for them to go public like this, which means everyone should take this threat seriously and update as soon as they are able,” security specialist Brian Higgins explained to The Scotsman. “If Apple think it’s so serious that they need to go public, then if you haven’t already installed iOS 15.6.1 you need to go and do it right now.”
Cybereason Chief Security Officer Sam Curry cautioned against panic about the operating system vulnerability.
“While the vulnerability could allow threat actors to take full control of a device, stay calm and simply get control of your devices and download the software updates available from Apple,” advised Curry. “Do that and move on.”
“In a rare case, we will find out how threat actors were able to exploit the current vulnerabilities,” Curry continued. “Overall, follow Apple instructions if you think you are infected and consult your IT department at work, school, etc, as needed for more information.”
The U.S. cybersecurity cops at CISA encourage owners of affected Apple devices to install the latest fixes from the company to address the vulnerability.