Apple has released a software updates for its iPhones, iPads and Macs designed to fix two security vulnerabilities known by Apple to be actively exploited by attackers. To install this security update, you can go to the Settings App, then General, then Software Updates.
The update includes an important security fix for a WebKit vulnerability that could lead to “arbitrary code execution,” according to Apple.
Apple said the WebKit bug could be exploited if a vulnerable device accessed or processed “maliciously crafted web content [that] may lead to arbitrary code execution,” while the second bug allowed a malicious application “to execute arbitrary code with kernel privileges,” which means full access to the device. The two flaws are believed to be related.
Attackers typically target a vulnerability in the device’s browser as a way to break into the wider operating system, giving the malicious attacker wide access to the user’s sensitive data.
Apple said iPhone 6s models and later, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), and all iPad Pro models are affected.
As noted by Mr. Macintosh on Twitter, a fix for the kernel-related vulnerability has not been released for Apple operating systems macOS Big Sur or macOS Catalina, and it’s unclear if the security flaw affects those operating systems.
SOURCE: Apple, Macrumors, Techcrunch