Apple has encouraged users of older mobile and desktop devices to update their software ASAP, as a vulnerability could allow an attacker to take complete control of older Apple devices. Credit: Kartikey Das Apple this week released urgent security updates to address zero-day vulnerabilities on older model iPhones, iPads, and iPods. The patches, pushed out on Wednesday, address an out-of-bounds write issue that could be exploited by an attacker enabling them to take control of the affected device. The US Cybersecurity and Infrastructure Agency (CISA) today encouraged users and IT admins to review Apple’s advisory HT213428 and apply the necessary updates. Apple did not immediately respond to a request for comment on whether the vulnerabilities had come to its attention through active exploits, but its security update did say, “Apple is aware of a report that this issue may have been actively exploited.” The software flaws are listed in the Common Vulnerabilities and Exposures (CVE) database, a system funded by a division of the US Department of Homeland Security (DHS) to a ensure public disclosure of security vulnerabilities and exposures. “The issue is that if a web page is constructed in a certain way, it can cause code to execute on the device outside of the normal containment and effectively create a malware situation on the device that could compromise data, contacts, location, insert malicious SW, etc.,” said Jack Gold, principal analyst at J. Gold Associates, LLC. “So it’s a big deal,” he added. The vulnerabilities affect the iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) and computers running older macOS versions. The fact that the issue affects that older group of devices — and not newer models — means that there are relatively few devices at risk, Gold noted. Even so, he said, anyone with one of the older devices should update as soon as possible. While a patch offered for older devices may seem unimportant, cybercriminals are particularly fond of older unpatched technology, especially if the vulnerability gives them complete control and the ability to gain access to other systems and services. “An attacker could lure a potential victim to a specially crafted website or use malvertising to compromise a vulnerable system by exploiting this vulnerability,” Malwarebytes said in a blog post today. “Since the vulnerability exists in Apple’s HTML rendering software (WebKit). WebKit powers all iOS web browsers and Safari, so possible targets are iPhones, iPads, and Macs which could all be tricked into running unauthorized code.” The issue is fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. Apple is encouraging users to upgrade to the latest versions of its software. Related content feature Windows 11 Insider Previews: What’s in the latest build? Get the latest info on new preview builds of Windows 11 as they roll out to Windows Insiders. Now updated for Build 22635.3566 for the Beta Channel, released on April 26, 2024. By Preston Gralla Apr 26, 2024 251 mins Small and Medium Business Microsoft Windows 11 news Dropbox adds end-to-end encryption for team folders Dropbox this week unveiled a range of features, including security updates and key management, and the ability to co-edit Microsoft 365 documents from within the file-sharing app. By Matthew Finnegan Apr 26, 2024 3 mins Cloud Storage Collaboration Software Productivity Software feature Android versions: A living history from 1.0 to 15 Explore Android's ongoing evolution with this visual timeline of versions, starting B.C. (Before Cupcake) and going all the way to 2024's Android 15 (beta) release. By JR Raphael Apr 26, 2024 23 mins Small and Medium Business Smartphones Android news analysis The unspoken obnoxiousness of Google's Gemini improvements Google's Gemini chatbot is seeing all sorts of upgrades on Android this week, but those advancements reveal a darker underlying reality. By JR Raphael Apr 26, 2024 12 mins Google Assistant Google Android Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe