Apple has released operating system updates this week for iPhones, iPads, and Macs that look to fix two serious vulnerabilities that can potentially allow hackers to take complete control of the device.

Minister of State for Electronics & IT Rajeev Chandrasekhar tweeted on Friday (August 19) morning: “Update your iPhones with 15.6.1 to avoid zero-day exploit vulnerabilities @IndianCERT @GoI_MeitY Apple releases iOS, iPadOS and macOS security fixes for two zero-days under active attack”.

What are these security flaws?

As per the security update report on the Apple website, an application may be able to execute arbitrary code with ‘kernel’ privileges. Kernel is the core of the code for operating systems. Gaining access to this could give the hacker unrestricted control over the hardware and software of an affected device.

The other flaw pertained to the WebKit, which is the engine that powers Apple’s Safari Internet browser and other apps. Apple said the WebKit bug could be exploited if a vulnerable device accessed or processed “maliciously crafted web content [that] may lead to arbitrary code execution”.

“Apple is aware of a report that this issue may have been actively exploited,” the company said.

What are zero-day flaws?

These are essentially loopholes in a particular software, the existence of which even its developer is unaware of. A zero-day vulnerability is detected only when an attack takes place exploiting one, or when companies discover them and issue fixes. Zero-day loopholes in WhatsApp and Apple’s iMessage have been used earlier to install spyware tools. Pegasus, the spyware developed by the Israeli company NSO Group, also used zero-day vulnerabilities.

What devices are affected by the latest flaws and what should users of these devices do now?

All iPhone models including and after iPhone 6S, all iPad Pro models, iPad Air 2 and later models, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) are affected. Among the computing devices, the Macs running macOS Monterey, and Apple’s Safari Internet browser available for macOS Big Sur and macOS Catalina need to be updated.

Apple has recommended immediately updating these devices to the latest software and OS versions that it has rolled out.

Why is it important to update devices?

According to TechCrunch, some successful exploits, such as those of the NSO Group’s Pegasus, use two or more vulnerabilities together to break through a device’s layers of protections. It’s not uncommon for attackers to first target a vulnerability in the device’s browser as a way to break into the wider operating system, granting the attacker wide access to the user’s sensitive data.

Software and hardware OEMs regularly release software updates to keep devices up to date with the latest security flaws and vulnerabilities. It is advisable to keep updating devices as soon as each update is available.