Apple users urged to install update on devices to fix vulnerability
Sign up now: Get ST's newsletters delivered to your inbox
Apple said in an advisory on its website that it is aware of a report that this flaw may have been exploited by attackers.
PHOTO: REUTERS
SINGAPORE – Owners of Apple devices have been urged to immediately install the latest software update, which addresses a vulnerability that allows hackers to run malicious code.
The affected devices are certain models of iPhones, iPads and Macs, as well as all Apple TV HD and Apple TV 4K models, said the Cyber Security Agency of Singapore (CSA) in an alert on Jan 23.
The vulnerability involves the WebKit browser engine that powers Apple apps, including Web browser Safari, Mail and the App Store. It allows attackers to insert malicious code on vulnerable devices after the user opens a webpage designed to steal personal data or attack devices.
CSA advised users of the affected products to install the update released on Jan 22. “The vulnerability is reportedly being actively exploited,” it said.
Apple said in an advisory on its website that it is aware of a report that this flaw may have been exploited by attackers, adding that the issue has been fixed.
The devices affected are:
iPhone 8, iPhone 8 Plus, iPhone X, iPhone XS and later
iPad (fifth generation and later)
iPad Pro 9.7-inch
iPad Pro 10.5-inch
iPad Pro 11-inch
iPad Pro 12.9-inch
iPad Air (third generation and later)
iPad mini (fifth generation and later)
Macs running macOS Monterey and later
Apple TV HD and Apple TV 4K
According to tech media outlet Bleeping Computer, this is Apple’s first zero-day vulnerability exploited in 2024.
A zero-day vulnerability refers to a security weakness that was discovered by attackers before the software provider was aware of it.
CSA has also reminded Apple users to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.
