Date: 2022-08-19

With beta versions of upcoming operating systems already available for weeks, Apple has just released a series of updates to Safari, iOS, iPadOS and macOS. The move was necessary to block a security flaw that, according to the company itself, “could have been actively exploited by malicious people” to take control of the devices of unsuspecting users. The vulnerability is present on different models of iPhone, iPad and Mac and depends on the version of the operating system used. Experts recommend updating devices as soon as possible to protect them.

The vulnerable devices are the iPhone 6S and later; several iPad models, including the iPad 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey. The problem would also affect some iPod models, although here the risks are obviously much more limited.

With the updates, Safari moves to version 15.6.1, macOS Monterey to 12.5.1, iOS to 15.6.1, and iPadOS to 15.6.1. Updates for macOS Big Sur and Catalina have yet to be released, although it is unclear whether the vulnerability affects these two older versions of the Mac operating system.

Who is at risk

The vulnerability in question is not used for mass attacks: exploiting it requires strong specialization and is not automated. Instead, it is usually used to target the devices of politicians, activists, journalists and other public figures without their knowledge. For example, it can be used to attack the phone of a famous person and steal their videos and photographs unnoticed, because the attack leaves no trace. Companies such as the Israeli NSO Group are known for this activity: they identify these vulnerabilities and keep them secret, exploiting them in spyware that they resell to companies and governments. NSO Group has long been criticized by the press and public opinion for its activity. In the US, the Department of Commerce has blocked the activities of NSO Group, which has sold its software in Europe, the Middle East, Africa and Latin America with the aim of spying on journalists, dissidents and human rights activists.

The question of security

Meanwhile, another vulnerability has been reported, present on iOS and iPadOS since 2020. It was discovered by an external security analyst, Michael Horowitz, and communicated some time ago to Apple, which so far has not done anything to mitigate the risks. In this case it is more than anything else a bug, a programming problem in the operating system code, which makes all VPNs (virtual private networks) on iPhone and iPad insecure.

The bug prevents existing connections from being closed and restarted when the VPN application starts, an essential step for switching them over to the VPN network and thus protecting them with encryption. According to the expert, “this bug makes all VPNs used on all Apple iPhones and iPads unsafe.”