Cyber ​​security: Apple closes security gaps with software updates

cyber security
Apple closes security gaps with software updates

With a series of software updates for its devices, Apple has closed two security vulnerabilities that may already have been exploited. One of the vulnerabilities was in Apple’s WebKit software, which is used to display content in web browsers. Prepared websites could use the gap to run any software code, Apple explained.

“Put simply, a cybercriminal could place malware on your device just by looking at an otherwise harmless website,” warned IT security firm Sophos on Thursday.

iPhones and iPads particularly affected

This vulnerability posed an even greater threat to iPhones and iPads than Mac computers: all browsers on the mobile devices run with WebKit and not just the in-house program Safari. The second vulnerability was in the so-called kernel, the central part of the operating system. An attacker who has already gained access to the device could use it to access all sorts of data, Sophos emphasized.

Such security gaps are considered very valuable and are usually exploited in a targeted manner by secret services and developers of surveillance software. The Pegasus software from the Israeli spy software company NSO, which also exploited vulnerabilities on Apple devices, became well known.

Apple referred to information from an anonymous researcher about the security gaps that have now been patched. Like other companies, the iPhone group awards rewards for information about discovered vulnerabilities. In recent years, Apple has repeatedly announced security vulnerabilities when releasing updates.

With the software updates, users have to become active themselves in order to install them. The current operating system versions are iOS 15.6.1 for the iPhone and iPadOS 15.6.1 for the tablets and macOS Monterey 12.5.1 for Apple’s computers.

dpa