If you have an iPhone, iPad or Mac, you need to update it today, because Apple has just fixed two zero-day vulnerabilities that could allow hackers to steal your private data. In fact, Apple says the vulnerabilities have been actively exploited in the wild, meaning the danger isn’t just hypothetical.
Security notes from Apple (via Bleeping Computer) explain that both issues relate to the company’s WebKit browser engine that's used in Safari on all platforms, and in every browser that runs on iOS and iPadOS (including those made by third-party developers). They affect iOS, iPadOS and macOS, which means the reach of these vulnerabilities is potentially huge.
For one of the issues, “processing web content may disclose sensitive information” due to an out-of-bounds read bug, Apple says. In the other, there’s a risk that processing web content might allow a hacker to execute arbitrary code thanks to a memory corruption vulnerability.
The fixes are contained in the iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2 updates, as well as Safari 17.1.2 for macOS Monterey and macOS Ventura. These updates should be downloaded as soon as possible if you have an iPhone, an iPad or a Mac.
On your iPhone, just go to Settings > General > Software Update, and you should see the iOS 17.1.2 update appear. Be aware that it requires at least 7GB of storage to be available during installation, so you may need to delete some files if you're close to your limit.
Actively exploited
The key danger with these flaws is that they are being actively abused in the wild. As noted in a statement from the company, “Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.”
Apple says the following products are affected, so check to see if your own devices are listed:
- iPhone XS and later
- iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- macOS Monterey, macOS Ventura and macOS Sonoma
A zero-day vulnerability is a flaw that the developers of the app or operating system were not originally aware of. That makes such flaws particularly dangerous, because until the developer has noticed and fixed them, they can be exploited for nefarious purposes.
The latest security flaws are a reminder to keep your devices up to date at all times and to download security patches as soon as they become available. Where available, make sure you turn on automatic security updates to keep yourself safe.