Apple is urging users to update their iPhones, iPads and Mac computers after the company sounded the alarm about a serious security flaw that could allow hackers to take over their devices.
The tech giant warned Wednesday that Mac computers could be breached by “maliciously crafted web content” and said it was “aware of a report that this issue may have been actively exploited.”
Apple released software updates that it says fix the exploits and warned users to download them as soon as possible.
Here’s what Apple’s warning means, which devices are affected and what users should do.
‘Full access to device’
Apple said that it found two flaws within Webkit — which powers Safari and other apps — as well as the kernel, which is a computer program at the center of the operating system. The vulnerabilities are believed to be related and could essentially give hackers full access to iPhones, iPads and Macs, the company warned.
Rachel Tobac, CEO of SocialProof Security, warned on Twitter that the flaws could give “effectively give attackers full access to device.”
Given the massive amount of data stored on Apple devices, such as bank account information, private photos and digital versions of ID documents, users who don’t update their devices could be at serious risk.
Tobac urged everyone to update their devices by the end of the day and added that especially vulnerable people such as activists, journalists and others who could be targeted by nation-state hackers should update immediately.
The U.S. Cybersecurity and Infrastructure Security Agency likewise urged Americans to “apply the necessary updates as soon as possible.”
“An attacker could exploit one of these vulnerabilities to take control of an affected device,” the federal agency warned.
Which Macs, iPads, iPhones are vulnerable?
Apple said that anyone with an iPhone released since 2015, an iPad released since 2014 or Mac that runs the OSx Monterey operating system should update their devices.
For iPhones, the affected devices are the iPhone 6, iPhone 6s Plus, iPhone SE, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone XS, iPhone XS, iPhone XS Max, iPhone XR, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone 12, iPhone 12 Mini, iPhone 12 Pro, iPhone 12 Pro Max, iPhone 13, iPhone 13 Mini, iPhone 13 Pro and the iPhone 13 Pro Max.
For iPads, the update list consists of all iPad Pros, iPad Airs from the 2nd generation or newer, iPad Minis from the 3rd generation onward and standard iPads from the 5th generation or newer.
For Macs, all devices running the OSx Monterey operating system should be updated. That consists of iMacs from late 2015 or later, iMac Pros from 2017 or later, MacBook Air and MacBook Pro laptops from 2015 or later, Mac Pros from 2014 or later, Mac minis from late 2014 or later and MacBooks from 2016 or later.
Some later iPod models could also be affected, Apple said.
This software issue has gotten more attention on social media and in the news than previous vulnerabilities, potentially because of Apple’s warning that it could have already been exploited by hackers. Another kernel security flaw that Apple patched in March received far less attention despite being similarly serious.
Apple spokesperson Scott Radcliffe declined to comment beyond initial notices the company published about the vulnerabilities.
Apple shares fell 1.2% to $172.06 around mid-day on Friday amid a broader slump in the markets. The tech-heavy Nasdaq Composite Index was down 2.0%.
How to update
iPhone and iPad owners can update their software by going to the settings application, tapping “general” and then tapping “Software Update.” If they see a new software update available, they should tap “install now.” Apple is urging users to update certain devices by the end of the day.Apple is urging users to update certain devices by the end of the day.
Mac owners should click on the Apple logo in the top lefthand corner of their desktop screen. They should then click on “About this Mac,” then click “Software Update” to check for available updates. If a new software update is available, they should click “update now.”
Additional reporting by Katherine Donlevy
