Warning: Apple users, update all of your devices immediately
Image c/o: Photo by GotCredit
Apple users, update all the things! The latest software patches guard against three new zero-day vulnerabilities that may already be seeing active use, the company warns.
Update your devices today
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7,” the company said in its security advisory note that accompanied release of the point upgrades. The patches include protection for iOS 17 and iOS 16, so to be protected you should be running iOS or iPadOS 16.7 or later, or upgrade now if not.
The three latest flaws were found and reported by Bill Marczak of the Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.
Their discovery and remediation follows a similar security patch earlier on this month, this time in response to the appalling NSO Group and Pegasus. It is not known if the latest attack relates to these at all.
Nor is it known if the earlier attacks that have already been patched have been disclosed sufficiently well to protect all platforms, as explained here.
What’s at stake?
Attackers using these exploits are apparently able to elevate their user privileges and bypass validation.
The company has introduced patches for Macs, iPhones, and iPads, including for iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later.
These three raise to 16 the number of zero-day attacks Apple has had to patch against so far this year, with patches released in September, July, June, May, April and February.
More information from Apple here and here.
Apple is taking attacks like these very, very seriously and last month opened up the process for applications for next year’s iPhone Security Research Device program for security researchers.
Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.
Dear reader, this is just to let you know that as an Amazon Associate I earn from qualifying purchases.
