‘Critical vulnerability’ found in Apple devices, SingCERT advises users to update for security patch

SINGAPORE: Apple users are advised to update their devices to the latest versions immediately after hackers were found actively exploiting a “critical vulnerability”, the Singapore Computer Emergency Response Team (SingCERT) said in an updated notice on Wednesday (Sep 14).

Apple has released security patches to fix a “zero-day critical vulnerability” found in their products, said SingCERT.

This is the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year, according to information security and technology news publication Bleeping Computer.

“Successful exploitation of this vulnerability could allow an attacker to enable maliciously written programmes to execute arbitrary code with kernel privileges,” SingCERT said.

Kernel refers to the core of a computer's operating system that provides basic services for all other parts of the system.

SingCERT has advised users to patch the following products to the latest versions immediately:

• Safari 16 web browser: For macOS Big Sur and macOS Monterey
• macOS Monterey 12.6: For macOS Monterey
• macOS Big Sur 11.7: For macOS Big Sur
• iOS 16: For iPhone 8 and later
• iOS 15.7 and iPad OS 15.7: For iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Users are also encouraged to enable automatic software updates under the settings function in their devices.

Apple released several security updates on Monday and revealed they are aware of reports saying this security flaw "may have been actively exploited".

The company did not disclose any additional details.