A major security flaw has been uncovered in several Apple operating systems as well as its Safari web browser. The Fortune 5 tech company has released an update addressing this vulnerability and is urging all users to update as quickly as possible.
The risk posed by this latest security issue is significant, said Rachel Tobac, CEO of SocialProof Security, who reviewed Apple’s explanation of the threat and concluded that a hacker could get “full admin access to the device” if it were exploited.
This would allow the intruder to “execute any code as if they are you, the user,” Tobac explained.
Apple users are urged to check for available updates and apply them immediately, specifically those who use an iPhone6s or later, fifth generation or later iPad, all iPad Pro models, and the iPad Air 2, as well as any Apple computer running MacOS Monterey.
“The flaws were found in the kernel, a program at the core of the OS (CVE-2022-32894) and WebKit, the engine that powers the Safari web browser (CVE-2022-32893),” explained Gordon Kelly, Forbes tech writer. “Both flaws allow hackers to remotely execute malicious code on your iPhone, iPad, or Mac and potentially take over your device.”
Tobac said “people who are in the public eye,” such as elected officials, journalists, athletes, and other high profile individuals, should be most proactive in updating their devices to avoid the severe consequences of these security weaknesses.
It is not known for how long this latest exploit has been available to bad actors before the August 18 fix was released by Apple. Until such vulnerabilities are addressed, they are known as “zero-day” bugs in computing, which means that a fix has not yet been made available, or more directly, a fix has been available for zero days thus far.
The value of these types of vulnerabilities on the open market is immense. Zerodium, which bills itself as the “leading exploit acquisition platform for premium zero-days and advanced cybersecurity research,” will reportedly pay up to $2,500,000 “to acquire…original and previously unreported zero-day research.”
Zerodium’s list of “bounties” includes Apple macOS, Apple iOS, Apple Safari, and other commonly used computer software.
The “acquisition platform” states that its customers are “government institutions (mainly from Europe and North America) in need of advanced zero-day exploits and cybersecurity capabilities.”
According to security researcher Will Strafach, the severity of this type of exploit is not unheard of but is rare. He estimates this has occurred on “perhaps a dozen occasions” previously with Apple products.