Apple security update: Firm warns of serious flaw for iPhones, iPads and Macs

Apple has admitted that its iPhones, iPads and Macs have serious security vulnerabilities which could allow hackers to take over the devices.

The company has published two security reports over the flaws but it did not give specifics about how many people will have been affected.

People have been advised by experts to update their devices if they have models from the iPhone 6S onwards as well as newer iPads and Macs that run macOS Monterey.

Apple has also reportedly stated it was “aware of a report that this issue may have been actively exploited”.

On its website it says: “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

“Apple security documents reference vulnerabilities by CVE-ID when possible. For more information about security, see the Apple Product Security page.”

Referring specifically to the security flaws regarding macOS Monterey 12.5.1 it states: “Kernel. Available for: macOS Monterey. Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher.

“WebKit. Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 243557. CVE-2022-32893: an anonymous researcher.”

TechCrunch has said that possibly being “able to execute arbitrary code with kernel privileges” refers to having full access to the device while a WebKit bug could happen if a device accessed “maliciously crafted web content (that) may lead to arbitrary code execution”.

While Rachel Tobac, CEO of SocialProof Security, said that Apple’s description of the security vulnerabilities means a hacker could get “full admin access to the device” and “execute any code as if they are you, the user”.