People shop at an Apple Store in Beijing, Tuesday, Sept. 28, 2021. (AP File Photo)
Mae Anderson and Michael Liedtke
The Associated Press
Apple regularly issues updates to the software powering the iPhone, and sometimes it’s OK to dawdle when it comes to installing them. But that’s not the case with its latest — an upgrade that Apple released Wednesday to close a security hole that could allow hackers to seize control of iPhones and several other popular Apple products.
Security experts are warning that everyone with an iPhone should install the update as soon as possible to protect all the personal information many people store on a device that’s become like another appendage for many.
Without the latest update, a hacker could wrest total control of Apple devices, allowing the intruder to impersonate the true owner and run any software in their name.
The company also issued fixes to block the security threat on iPads and Macs. The flaw may already have been “actively exploited,” according to the company, which has had to fix other security problems with the earlier this year.
HOW DO I FIX THIS?
The good news? There’s an easy fix: you should be able to find easily. Start with the Settings app, the one with an icon featuring what looks like gears in an old watch. Go into the “General” section, then “Software Update.” The page you see will offer simple instructions or, if your device has already updated, a message to that effect.
The whole process typically only takes a few minutes, according to security experts. .
WHY IS UPDATING YOUR APPLE DEVICE SO URGENT?
Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time. It’s a risk that’s best to avoid.
WHY DOESN’T MY APPLE DEVICE DO THIS FOR ME?
Apple devices are set to automatic updates by default, but it can take some time before they get around to it. Updates also don’t usually trigger unless can be done and it usually won’t happen unless the iPhone is plugged into a power outlet at the time. It’s quicker just to check for the latest updates and do it manually.
DOES THIS MEAN APPLE ISN’T DOING A GOOD JOB PROTECTING ITS USERS?
No. The reality is that hackers are constantly looking for ways to gain unauthorized access to phones, tablets, computers, and other internet-connected devices for a wide range of malicious and illegal purposes. Apple’s products tend to be a prime target because they’re popular, making them an attractive target.
“Apple is no different to any technology company in that they’re constantly dealing with vulnerabilities,” said Jamie Collier, senior threat intelligence advisor for the cybersecurity firm Mandiant and an associate fellow at the Royal United Services Institute for Defence and Security Studies. “This is really a function of the fact that they’re innovating. They’re constantly developing, they’re constantly improving services, improving their technology, improving their software. That means they’re constantly rolling out new things.”
WHAT APPLE DEVICES ARE AFFECTED?
The affected devices include the iPhone6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running MacOS Monterey. The flaw also affects some iPod models.
HOW DO I UPDATE IPADS AND MACS?
You can update your iPad using the same process outlined above: go to “Settings,” click “General” and click “Software Update.” On the Mac, go to “System Preferences,” then “Software Update.”
WHAT’S THE RISK THAT MY PHONE WAS COMPROMISED?
Unless you’re a journalist, political dissident or human rights activist, the chances are extremely low. The kinds of spyware created to exploit vulnerabilities of this type are expensive and typically reserved for targeted hacking.
“If you keep the systems updated, you’ll be absolutely fine,” Collier said. “Typically, when vulnerabilities in, say, phones and iPhones, for instance, are exploited, they tend to be pretty targeted, pretty focused on a small subset of individuals. So we’re unlikely to see anything that’s really widespread at this stage.