Apple has released security updates for iPhones, iPads and Macs after disclosing a series of vulnerabilities that could allow attackers to secretly take control of devices.
The company said that it is "aware of a report that this issue may have been actively exploited," suggesting that hackers have already targeted the vulnerabilities to compromise Apple device users.
Apple has released two security updates, the first relating to issues affecting iPhone 6s and later models, all models of iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad Mini 4 and later – as well as 7th generation models of iPod touch.
The second security update relates to vulnerabilities in MacOS Monterey, Apple's desktop operating system for Macs.
In both cases, the vulnerabilities could allow cyber attackers to execute arbitrary code at kernel and WebKit level, which ultimately allows attackers to run malicious code on devices, to the extent that they could take control of them. This could allow attackers to conduct various forms of malicious and cyber criminal activity, putting the user at risk.
The vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) numbers -- CVE-2022-32894 for the vulnerability in the kernel and CVE-2022-32893 for the vulnerability in the WebKit. In each case, the discovery of the vulnerabilities has been attributed to an anonymous researcher.
Apple has not detailed how many users have been affected by the vulnerabilities, but the warning over the bugs being actively exploited suggests that cyber attackers are already going after victims.
Most users probably won't be actively targeted by cyber attackers looking to exploit the vulnerabilities -- it's more likely to be exploited by commercial spyware operators and nation-state backed hacking groups -- but it's still a good idea to apply the security updates as soon as possible in order to stay safe.
Routinely applying security updates to any device or operating is good security practice and can go a long way towards protecting devices and people from falling victim to cyber attacks.