DHS Warns iPhone Users To Change Settings Over “Zero-Day Spyware”
An agency within the Department of Homeland Security has warned owners of Apple products of a security vulnerability that affects iPhones, iPads and macOS devices.
According to Apple, “an app may be able to execute arbitrary code with kernel privileges,” and, with another vulnerability, “processing maliciously crafted web content may lead to arbitrary code execution,” which the company says “may have been actively exploited.”
On February 14, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) issued a statement advising users and administrators “to review the Apple security updates page for the following products and apply the necessary updates as soon as possible.”
“Just looking at a website, which ought to be harmless, or opening an app that relies on web-based content for any of its pages (for example its splash screen or its help system), could be enough to infect your device,” said security research firm Sophos, which described the flaws as a “zero-day spyware implant bug.”
“If you install Firefox (which has its own browser ‘engine’ called Gecko) or Edge (based on an underlying layer called Blink) on your Mac, those alternative browsers don’t use WebKit under the hood, and therefore won’t be vulnerable to WebKit bugs.”
Apple spokesman Scott Radcliffe told Engadget that the company doesn’t have any more details on the exploits mentioned in the security updates.
More via The Epoch Times:
How to Update
Generally, Apple users have automatic updates turned on. However, if that’s not the case, a user can go to the Apple menu, then click “About this Mac,” and click “Software Update.”
On iPad, iPhone, or another iDevice, they can go to “Settings,” then “General,” then “Software Update.”
“If your Apple product isn’t on the list, notably if you’re stuck back on iOS 15 or iOS 12, there’s nothing you can do right now, but we suggest keeping an eye on Apple’s HT201222 page in case your product is affected and does get an update in the next few days,” Sophos notes.