Apple has encouraged users of older mobile and desktop devices to update their software ASAP, as a vulnerability could allow an attacker to take complete control of older Apple devices. Credit: Kartikey Das Apple this week released urgent security updates to address zero-day vulnerabilities on older model iPhones, iPads, and iPods. The patches, pushed out on Wednesday, address an out-of-bounds write issue that could be exploited by an attacker enabling them to take control of the affected device. The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple’s advisory HT213428 and apply the necessary updates. Apple did not immediately respond to a request for comment on whether the vulnerabilities had come to its attention through active exploits, but its security update did say, “Apple is aware of a report that this issue may have been actively exploited.” The software flaws are listed in the Common Vulnerabilities and Exposures (CVE) database, a system funded by a division of the US Department of Homeland Security (DHS) to a ensure public disclosure of security vulnerabilities and exposures. “The issue is that if a web page is constructed in a certain way, it can cause code to execute on the device outside of the normal containment and effectively create a malware situation on the device that could compromise data, contacts, location, insert malicious SW, etc.,” said Jack Gold, principal analyst at J. Gold Associates, LLC. “So it’s a big deal,” he added. The vulnerabilities affect the iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) and computers running older macOS versions. The fact that the issue affects that older group of devices — and not newer models — means that there are relatively few devices at risk, Gold noted. Even so, he said, anyone with one of the older devices should update as soon as possible. While a patch offered for older devices may seem unimportant, cybercriminals are particularly fond of older unpatched technology, especially if the vulnerability gives them complete control and the ability to gain access to other systems and services. “An attacker could lure a potential victim to a specially crafted website or use malvertising to compromise a vulnerable system by exploiting this vulnerability,” Malwarebytes said in a blog post today. “Since the vulnerability exists in Apple’s HTML rendering software (WebKit). WebKit powers all iOS web browsers and Safari, so possible targets are iPhones, iPads, and Macs which could all be tricked into running unauthorized code.” The issue is fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. Apple is encouraging users to upgrade to the latest versions of its software. Related content news Slack’s new ‘lists’ help track track and manage work projects The work management tool, which rivals specialized apps from the likes of Asana and Trello, is now generally available. By Matthew Finnegan Jun 06, 2024 3 mins Slack Generative AI Collaboration Software feature Enterprise buyer’s guide: Desk booking software for the hybrid workplace The hybrid workplace is here to stay, so you need the right tools to help employees secure a workspace when they’re in the office — and to help you optimize your office space. Here’s what to look for and 25+ desk booking platforms t By Keith Shaw and Robert Mitchell Jun 06, 2024 23 mins Employee Experience Human Resources Staff Management news Zoho updates its collaboration tools to help with asynchronous work Zoho is focusing on AI, automation, and personalization with solutions customized for specific industries. By Lynn Greiner Jun 06, 2024 4 mins Collaboration Software Project Management Tools news Microsoft nudges users to update to Windows 11 Support for version 10 of the OS ends in next year, but 68% of users are still running the nearly decade-old software. By Elizabeth Montalbano Jun 05, 2024 4 mins Microsoft Windows 10 Windows 11 Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe