Apple released two security reports this week, disclosing serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of the devices.
The vulnerability means a hacker could get "full admin access" to the device, allowing the person to impersonate the device's owner and run any software in their name.
“An application may be able to execute arbitrary code with kernel privileges,” Apple wrote in a post. “Apple is aware of a report that this issue may have been actively exploited.”
A bug in Safari WebKit could let a malicious website run code that allows an attacker to gain control of a device. An application could also gain control of the kernel, which is the lowest-level software running on a device.
The U.S. Cybersecurity and Infrastructure Security Agency stepped in. The organization advised users to apply necessary updates as soon as possible. “CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible,” the organization wrote in a post.
The update comes after the release of an emergency software patch last year, when researchers discovered a vulnerability that allowed hackers to deploy controversial Israeli company NSO Group’s spyware tool through Apple’s iMessage app, according to the Financial Times.
Apple sued NSO Group over the affair, and the Israeli group has been blacklisted by the U.S. Commerce Department. NSO’s spyware is known to have been used to target journalists, dissidents and human rights activists around the world.