SINGAPORE: Apple users should update their devices to the latest versions immediately to fix a security flaw that is being “actively exploited”, the Singapore Computer Emergency Response Team (SingCERT) said in a notice on Tuesday (Oct 25).
Apple has released a security update to fix a “zero-day vulnerability” affecting most iPhones and iPads, said SingCERT.
This is the ninth zero-day vulnerability used in attacks against iPhones and iPads since the start of the year, according to information security and technology news publication Bleeping Computer.
“Successful exploitation of the vulnerability could allow an attacker to perform arbitrary code execution with kernel privileges on the affected products,” SingCERT warned.
Bleeping Computer said that this can result in data corruption, application crashes and memory corruption.
Apple is aware of a report saying the kernel flaw “may have been actively exploited”, the company said in a note without providing any additional details.
Kernel refers to the core of a computer’s operating system that provides basic services for all other parts of the system.
The update fixes at least 20 documented security defects, according to cybersecurity news and analysis website Security Week.
SingCERT has advised users to patch the following products to the latest versions immediately:
- iPhone 8 and later
- iPad Pro (all models)
- iPad Air 3rd generation and later
- iPad 5th generation and later
- iPad mini 5th generation and later
Users are also encouraged to enable automatic software updates under the settings function in their devices.