Users urged to update Apple devices, Google Chrome

Users of iPhones, iPads and Mac computers have been urged by Apple to install emergency software updates which fix a flaw that is allowing hackers to seize control of these devices.

The technology giant released patches on Wednesday and Thursday to address what it describes as vulnerabilities that hackers already know about and may be taking advantage of.

Separately, Google rolled out a security update to its Chrome browser that fixes multiple vulnerabilities.

The Cyber Security Agency of Singapore advised users on Thursday to install the relevant patches immediately.

In security updates posted on its website, Apple said the vulnerabilities affect models of iPhones dating back to 6S, all iPad Pro models, iPad Air 2 and later models, iPad 5th generation and later models, iPad mini 4 and later models, and iPod touch (7th generation).

They also affect certain Mac computers.

Apple did not disclose whether it has information on the extent to which the vulnerabilities have been exploited.

But the company said they allow hackers to infiltrate devices with unauthorised software, such as malware, and take control of their operating systems, including accessing any data or functions.

Experts from cyber-security firms said the updates are critical.

Such severe vulnerabilities in Apple's products are rare as the tech giant puts its software through rigorous testing, said Mr Leow Kim Hock, Asia chief executive of the Wizlynx Group.

Mr Sergey Nikitin, who is Group-IB's chief regional officer for the Asia-Pacific, said some of the previous flaws in Apple's systems were discovered only after devices were hacked.

"With a high degree of certainty, it can be argued that this is what happened in this case," he added.

With the updates rolled out, more hackers might be able to analyse the patches and figure out where the vulnerabilities are, said Acronis co-founder and technology president Stas Protassov.

"Then they may start to exploit devices that have not received a fix yet," he said.

In its update notes on Tuesday, Google said the patch fixes 11 flaws, including a high-severity one, which hackers might be actively exploiting.

Besides a brief technical description of each fix in the patch, Google did not provide further information in its update notes.

Mr Biswajit De, senior technical consultant at Trend Micro, noted from the flaw's short description that it involves a feature in the browser which enables the launching of applications and Web services directly from a webpage.

"As (Google Chrome is) the world's No. 1 browser, it is of utmost importance for users to... download the necessary security updates to avoid falling victim to malicious attacks," he added.

Users told The Straits Times that they were unaware of the updates from Apple and Google until they read the news yesterday.

Mr Tay Koong Jye, 30, said he installed the updates on his iPhone immediately, as is his usual practice after a patch is introduced to fix a security flaw in his mobile phone's systems.

"But I initially did not realise the vulnerabilities were so severe this time," said Mr Tay, who works in the aviation industry.