Singapore cybersecurity agency urges Apple users to install update on devices to fix vulnerability
OWNERS of Apple devices have been urged to immediately install the latest software update, which addresses a vulnerability that allows hackers to run malicious code.
The affected devices are certain models of iPhones, iPads and Macs, as well as all Apple TV HD and Apple TV 4K models, said the Cyber Security Agency of Singapore (CSA) in an alert on Jan 23.
The vulnerability involves the WebKit browser engine that powers Apple apps, including Web browser Safari, Mail and the App Store. It allows attackers to insert malicious code on vulnerable devices after the user opens a Web page designed to steal personal data or attack devices.
CSA advised users of the affected products to install the update released on Jan 22.
It said: “The vulnerability is reportedly being actively exploited.”
Apple said in an advisory on its website that the tech giant is aware of a report that this flaw may have been exploited by attackers, adding that the issue has been fixed.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
The devices affected are:
- iPhone 8, iPhone 8 Plus, iPhone X, iPhone XS and later
- iPad (fifth generation and later)
- iPad Pro 9.7-inch
- iPad Pro 10.5-inch
- iPad Pro 11-inch
- iPad Pro 12.9-inch
- iPad Air (third generation and later)
- iPad mini (fifth generation and later)
- Macs running macOS Monterey and later
- Apple TV HD and Apple TV 4K
According to tech media outlet Bleeping Computer, this is Apple’s first zero-day vulnerability exploited in 2024.
A zero-day vulnerability refers to a security weakness that was discovered by attackers before the software provider was aware of it.
CSA has also reminded Apple users to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates. THE STRAITS TIMES
Copyright SPH Media. All rights reserved.
