Apple Warns of Two Vulnerabilities
With its latest software update, iOS 15.6.1, Apple® urges users to update their devices as soon as possible to avoid two known security issues in the kernel and WebKit. These two vulnerabilities could allow hackers to take complete control of a device. Apple has not yet disclosed more detailed information about the vulnerabilities and, as is its policy, will not do so until a full investigation is completed.
The security concerns impact the following devices:
- iPhone 6s and later
- iPad Pro (all models)
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 4 and later
- iPod touch (7th generation)
To update your Apple device to the most secure iOS release, go to iPhone Settings > General > Software Update and download and install iOS 15.6.1.
Vulnerability update information
The first vulnerability iOS 15.6.1 addresses is in the iOS kernel, tracked as CVE-2022-32894, and can allow an application to execute code with kernel privileges from an unknown user.
The second vulnerability addressed by the iOS update affects WebKit, the browser engine behind Safari, and is tracked as CVE-2022-32893. The WebKit vulnerability could allow hackers to use maliciously crafted web content to run harmful code.
Our guidance
The following steps can help your firm prevent issues from this and future vulnerabilities on Apple devices.
- Alert your employees immediately of potential vulnerabilities
- Push updates for the most recent software on all corporate Apple devices
- Encourage employees to turn on automatic updates on their Apple devices to avoid missing important patches
- Check all Apple devices, not just phones, for important updates
How we help
We can help your firm establish and maintain a cybersecurity program in line with current regulations and industry standards. Our team can:
- Develop and review written policies and procedures that meet your firm’s regulatory requirements and the latest industry standards
- Assess your policies and procedures to confirm they accurately reflect the cybersecurity procedures currently in practice at your firm
- Test your systems to identify network vulnerabilities and provide remediation recommendations
We also provide regulatory and cyber risk alerts and insights to help you stay current with cybersecurity, privacy, and regulatory trends and emerging threats.
For questions about this alert, or to find out how we can help you meet your regulatory cybersecurity obligations, please reach out to your ACA Aponix consultant or contact us below.