This comes after
Apple released operating system updates this week for iPhones, iPads, and Macs that look to fix two serious vulnerabilities that can potentially allow hackers to take complete control of the device.
“Update your iPhones with 15.6.1 to avoid zero-day exploit vulnerabilities @IndianCERT @GoI_MeitY Apple releases iOS, iPadOS and macOS security fixes for two zero-days under active attack,” Chandrasekhar said in his tweet.
Update ur iphones wth 15.6.1 to avoid zero-day exploit vulnerabilitiea @IndianCERT @GoI_MeitYApple releases… https://t.co/f0jHZbfhiG
— Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) 1660888218000
A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. Because they were discovered before security researchers and software developers became aware of them — and before they can issue a patch —zero-day vulnerabilities pose a higher risk to users.
Apple said that all iPhone models including and after iPhone 6S, all iPad Pro models, iPad Air 2 and later models, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) are affected. Among the computing devices, the Macs running macOS Monterey, and Apple’s Safari Internet browser available for macOS Big Sur and macOS Catalina need to be updated.
Discover the stories of your interest
Apple recommended immediately updating these devices to the latest software and OS versions that it has rolled out.
As per Apple’s security update report which is available on their website, an application may be able to execute arbitrary code with ‘kernel’ privileges. Kernel is the core of the code for operating systems and hence could give a hacker complete control over an affected device.
The other vulnerability was with reference to WebKit, which powers Apple’s Safari Internet browser and other apps. The company said that the WebKit bug could be exploited if a vulnerable device accessed or processed “maliciously crafted web content [that] may lead to arbitrary code execution”.
It went on to add that the company was aware of a report that this issue may have been actively exploited.