Apple has rolled out security patches for devices using iOS, iPadOS, and macOS after finding a security vulnerability was being exploited by hackers in the wild.
Apple has warned that processing certain types of maliciously crafted web content may lead to arbitrary code execution, so be extra careful about what you click on, especially before you download the update. It’s also recommended that you install antivirus software – or a VPN with threat protection features – if you haven't already.
The quick response from Apple is the latest signal that the company has turned over a new leaf when it comes to rolling out security patches; it was criticized towards the tail end of last year for not responding to problems with sufficient haste.
Threat Actors Were Executing Code on Apple Devices
Tracked as CVE-2022-22620, the vulnerability was letting hackers execute arbitrary code, including malicious code, on Apple-made devices such as iPhones.
Apple confirmed it is aware of the exploit and the company has released a patch as part of iOS and iPadOS 15.3.1 and macOS Monterey 12.2.1.
In a statement explaining the reasons behind the patch rollout, Apple said that it “was aware of a report that this issue may have been actively exploited”, and warned that “Processing maliciously crafted web content may lead to arbitrary code execution.”
Reports suggest that the average Apple device holder is not under any immediate threat, as the exploit is being used in “targeted attacks” – which likely means businesses and other money-making entities are most at risk.
However, the standard advice for both businesses and individuals is to update your phone as soon as possible.
Apple’s Patchy Security Record
Although Apple is behind some of the most secure operating systems the world has ever seen, the company has come under fire recently for not rolling out security patches quickly enough, and for responding slowly to zero-day vulnerabilities.
Zero-day vulnerabilities refer to problems with software that are being actively exploited by hackers but are unknown to IT teams and others with a vested interest in patching them.
“We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you,” an Apple employee wrote in an email to a security researcher last September, after they published three exploitable bugs that Apple had repeatedly ignored.
“We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions.”
Protecting Yourself Against Malware
The best protection against malware is antivirus software, particularly one with a website scanner so you know whether or not a site is legit before you click on it.
As Apple said, you’ve got to be careful about clicking on web content – but antivirus software isn’t the only tech that can help you avoid malware. VPNs like NordVPN come with threat protection tools; the provider will display warnings if you click on malicious website links.
But, remember, the most important security measure is updating your iPhone, Mac, and/or iPad – the patch should be waiting in your device settings.