SINGAPORE – Apple users have been urged to install the latest security updates to prevent hackers from executing malicious commands on their devices.
The vulnerability is classified as a WebKit confusion issue, said the Singapore Computer Emergency Response Team (SingCert) in a report on Tuesday (Feb 14)
This means the hackers could use malicious web content to insert code on a user device, insert malware or spyware, or execute malicious operating system commands.
WebKit is the browser engine that powers Apple apps such as web browser Safari, Mail and the App Store.
The vulnerability was reportedly being actively exploited and allowed hackers to trigger operating system crashes and execute arbitrary code after opening a malicious web page.
SingCert urged users to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.
The vulnerability affects the following products:
- iPhone 8 and later
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
- Macs running macOS Ventura, macOS Big Sur and macOS Monterey
According to tech media outlet Bleeping Computer, this is Apple’s first zero-day vulnerability in 2023.
A zero-day vulnerability is a security weakness that is unknown to the software provider and can be exploited by attackers.
Apple did not disclose any further details regarding the attacks.
This article was first published in The Straits Times. Permission required for reproduction.