With all the hype around the updates to the iPads and MacBook Air hardware, Apple quietly rolled out some software fixes that will affect a lot more users — including a vulnerability that could let hackers shut down any Apple device.
Earlier this week, Apple announced several critical patches for both mobile and desktop operating systems. The vulnerability, discovered in August by security researcher Kevin Backhouse at Semmle, could be used by a hacker to shut down any Apple device.
“The vulnerabilities may allow malicious attackers on the same network to take control of any vulnerable Apple device,” according to a blog post on the Semmle website. “A remote attacker could run arbitrary code, extract data, crash the devices, or reset them to factory settings.”
Semmle put together a video demonstrating the vulnerability, which is known as CVE-2018-4407.
In order for the “hack” to work, the malicious code must be sent on the same network as the target, so the exploit isn’t possible from substantial distances. Users accessing public Wi-Fi would be potential targets for someone looking to exploit the vulnerability.
The issue has been fixed in Apple’s new operating systems, iOS 12 and macOS Mojave. However, Apple delayed disclosure of the issue until Oct. 30, the day it also released the fix for older versions of macOS.
Users are still encouraged to update to the most recent operating system wherever possible. iOS 12.1 contained 32 bug fixes for mobile devices. Mobile devices not updated to the latest operating system are still vulnerable to the attack.
If you’re unable to upgrade, the next best protection is to run “stealth mode” in the macOS firewall, or to avoid public Wi-Fi.
Users may also want to consider using a VPN when accessing public Wi-Fi, a recommended measure for users whether they have an Apple device or something else.