Apple has encouraged users of older mobile and desktop devices to update their software ASAP, as a vulnerability could allow an attacker to take complete control of older Apple devices.

Apple this week released urgent security updates to address zero-day vulnerabilities on older model iPhones, iPads, and iPods. The patches, pushed out on Wednesday, address an out-of-bounds write issue that an attacker could exploit to take control of the affected device.

The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple’s advisory HT213428 and apply the necessary updates.

Apple did not immediately respond to a request for comment on whether the vulnerabilities had come to its attention through active exploits, but its security update did say, “Apple is aware of a report that this issue may have been actively exploited.”

The software flaws are listed in the Common Vulnerabilities and Exposures (CVE) database, a system funded by a division of the US Department of Homeland Security (DHS) to ensure public disclosure of security vulnerabilities and exposures.

“The issue is that if a web page is constructed in a certain way, it can cause code to execute on the device outside of the normal containment and effectively create a malware situation on the device that could compromise data, contacts, location, insert malicious SW, etc.,” said Jack Gold, principal analyst at J. Gold Associates, LLC. “So it’s a big deal,” he added.

The vulnerabilities affect the iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) and computers running older macOS versions.

The fact that the issue affects that older group of devices — and not newer models — means that there are relatively few devices at risk, Gold noted. Even so, he said, anyone with one of the older devices should update as soon as possible.
While a patch offered for older devices may seem unimportant, cybercriminals are particularly fond of older unpatched technology, especially if the vulnerability gives them complete control and the ability to gain access to other systems and services.

“An attacker could lure a potential victim to a specially crafted website or use malvertising to compromise a vulnerable system by exploiting this vulnerability,” Malwarebytes said in a blog post today. “Since the vulnerability exists in Apple’s HTML rendering software (WebKit). WebKit powers all iOS web browsers and Safari, so possible targets are iPhones, iPads, and Macs which could all be tricked into running unauthorized code.”

The issue is fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. Apple is encouraging users to upgrade to the latest versions of its software.