Apple has announced the discovery of a serious security vulnerability for iPhones, iPads and Macs that could potentially allow attackers to take full control of a victim’s devices.
The announcement came as Apple released a security update that prevents the attack from taking place.
To install this security update, go to the Settings app, then General, then Software Update.
The latest version of iOS and iPadOS is 15.6.1, while macOS is on 12.5.1.
How did the attack work?
According to Apple, the vulnerability could have been exploited by “processing web content”, that is, by accessing a web page containing malicious code.
Any attacker who knows about the vulnerability – and how to exploit it – could, by directing a victim to such a web page, be able to execute any code they choose on the victim’s device.
Usually, devices restrict the types of code that can be run on them according to the user's privilege level – but this vulnerability allowed code to be run with kernel privileges.
The kernel is the central part of iOS. It has unrestricted access to all aspects of the operating system, which means the attacker could have full control over the victim’s device.
Who was using it to attack people?
Apple said it is aware of a report that the vulnerability may have been actively exploited.
However, the company did not provide any additional details.
What is the risk for the general public?
In the world of cybersecurity, the ability to execute code on a victim’s device simply by having them open a web page is extremely rare and powerful.
As a simple matter of supply and demand, the exploit could have been purchased for a lot of money – and if so, it would likely have been used to attack a high-value target.
Offensive cyber tools, such as exploits for severe vulnerabilities like this one, don’t last forever.
As soon as the vulnerability is discovered, the software vendor can start developing a patch – and any attempt to exploit the vulnerability risks revealing its existence.
This limited time in which a vulnerability can be exploited also impacts market dynamics for the sale, purchase and use of these tools.
All of this means that before the vulnerability was discovered by Apple – when it was a “zero day” vulnerability because the vendor had zero days to develop the fix – it probably wouldn’t have been used for general targeting.
However, now that the vulnerability is publicly known, criminals may reverse engineer the security update and target members of the public who have not yet updated their devices.
That’s why it’s so important to install the latest security updates.
Who found this problem?
The researcher who reported the vulnerability chose to remain anonymous.
There could be any number of reasons why they did this, including simply that they didn’t want the attention the report would have brought to them.
The researcher may also work for a company or government organization that has been targeted using this vulnerability.
If so, revealing that they knew about the attack – attributing the disclosure to a name associated with the victim – could provide the attacker with information about their offensive operation.
Alternatively, the vulnerability may have been reported by a Western government with a vulnerabilities equities process, such as the UK’s National Cyber Security Centre, part of GCHQ.
Security and intelligence agencies may have needed to exploit the vulnerability, but after doing so, they chose to disclose it to Apple so it could be patched.
There is no evidence for any of the above scenarios; they are provided as examples of the various reasons the researcher may have chosen to remain anonymous.