SAN FRANCISCO (AFP) - Apple is warning of a flaw that is allowing hackers to seize control of iPhones, iPads and Mac computers, and is urging users to install emergency software updates.
Patches were released on Wednesday and Thursday (Aug 18) by the tech titan to fix what it described as vulnerabilities hackers already know about and may be taking advantage of.
"Apple is aware of a report that this issue may have been actively exploited," the Silicon Valley-based company said.
In security updates posted on its website on Aug 17 and 18, Apple said the vulnerabilities affects models of iPhones dating back to 6S, all iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Apple did not disclose whether it has information about the extent to which the flaws have been exploited. But the company said the vulnerabilities allow hackers to infiltrate devices with unauthorised software, such as malware, and take control of their operating systems, including accessing any data or functions.
Patches were also released for Mac computers running on systems with the vulnerabilities.
The US government's Cybersecurity and Infrastructure Security Agency urged users to apply the necessary updates as soon as possible.
The Cyber Security Agency of Singapore also issued similar advice on Thursday (Aug 18).
Experts from cyber-security firms said the updates are critical.
Such severe security vulnerabilities in Apple’s products are rare as the tech giant puts its software through rigorous testing, said Mr Leow Kim Hock, Asia chief executive of Wizlynx Group.
Mr Sergey Nikitin, who is Group-IB’s chief regional officer for Asia-Pacific, noted that the updates were also released for older devices that could not run on the latest version of Apple’s operating system.
He said some of the previous flaws in Apple’s systems were only discovered after devices were hacked.
“With a high degree of certainty, it can be argued that this is what happened in this case,” he added.
With the updates rolled out, more hackers might be able to analyse the patch and figure out where the vulnerabilities are, said Acronis co-founder and technology president Stas Protassov.
“Then they may start to exploit devices that have not received a fix yet,” he said.
Some users told The Straits Times that they were unaware of the vulnerabilities until they read the news on Friday (Aug 19).
Mr Tay Koong Jye, 30, said he installed the updates on his iPhone immediately, as per his usual practice after a patch has been introduced to fix a security flaw in hi s mobile phone’s systems.
“But I initially did not realise the vulnerabilities were so severe this time,” said Mr Tay, who works in the aviation industry.
Additional reporting by Dominic Low