SINGAPORE: The country’s cybersecurity agency issued an advisory on Jan 23 (Tuesday) advising users of Apple devices to update to the latest software versions as soon as possible to prevent hacker attacks.
“Users of the affected products are advised to update to the latest versions immediately. Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates,” added the CSA. The advisory also added a link to more information from Apple on the security content of its latest update.
Products subject to vulnerability
iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later, Macs running macOS Monterey and later, Apple TV HD and Apple TV 4K (all models).
The advisory from the Cyber Security Agency of Singapore (CSA), published with the heading, “Zero-Day Vulnerability in Apple Products,” highlights the most recent security updates released by Apple to address “a zero-day vulnerability (CVE-2024-23222)” in targeted devices, which is said to currently be actively exploited.
“Zero-day vulnerability” means that attackers found a security weakness that software providers were unaware of. The vulnerability concerns the WebKit browser engine powering the tech giant’s apps, which include Safari, Mail, and the App Store.
“While this zero-day vulnerability was likely only used in targeted attacks, installing today’s security updates as soon as possible is highly advised to block potential attack attempts,” advised a tech blog that posted a piece on the software update.
Malicious codes to steal personal data
On Jan 23, Apple said, “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.”
This means that if an attacker can successfully exploit this vulnerability, he or she may be able to insert malicious code on devices running vulnerable iOS, macOS, and tvOS versions after the user opens a webpage that can steal personal data or attack devices. /TISG