SINGAPORE – Users of Apple products are once again urged to update the firmware on their devices to the latest iOS 16.1 and iPadOS 16 to fix a critical flaw, the ninth critical vulnerability reported since the start of 2022.
In an alert on Monday, the Cyber Security Agency of Singapore (CSA) said: “Users of affected products are advised to upgrade to the latest versions immediately.”
CSA said that successful exploitation of the vulnerability could allow an attacker to “perform arbitrary code execution with kernel privileges on the affected products”. It means hackers can run any command on and have complete control of the target system by gaining root access.
The vulnerability affects the following products:
- iPhone 8 and later
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.
When contacted, a CSA spokesman said the agency has not received any reports from local users of attempted hacks.
The flaw was reported to Apple by an anonymous researcher. In an advisory on its website published on Sunday, Apple said: “Apple is aware of a report that this issue may have been actively exploited.”
Apple has issued advisories on eight other zero-day vulnerabilities since January 2022. A zero-day vulnerability is one that has been disclosed but is not yet patched. As a policy, Apple does not disclose, discuss or confirm security issues until an investigation has occurred and patches or fixes are available.