Cyber Security Agency of Singapore urges Apple users to update devices to fix multiple security vulnerabilities

SINGAPORE — To address “multiple zero-day vulnerabilities” in Apple products that are being actively exploited, users are urged to immediately update their devices' software, the Cyber Security Agency of Singapore (CSA) said yesterday (June 23).

In an advisory, the CSA said these vulnerabilities affect a wide range of iPhone and iPad models, as well as Mac computers and Apple Watches.

A “zero-day vulnerability” is a software vulnerability discovered by attackers before the vendor or developer has become aware of it, thus it has not yet been patched.

CSA's advisory comes after several reports of possible cybersecurity attacks using the “Triangulation” spyware emerged recently.

The attacks involve iPhones that are exploited by these vulnerabilities to install the spyware via the iMessage application, according to information security website BleepingComputer.

CSA said the vulnerabilities could leave Apple devices prone to memory corruption and allow attackers to carry out malicious code with “kernel privileges”, which are greater than administrator privileges.

“Users of affected product versions are advised to update to the latest versions immediately,” said the CSA, a government agency under the Prime Minister's Office tasked with the protection of Singapore’s cyberspace.

The bug affects the following products:

• iPhone 6s (all models)

• iPhone 7 (all models)

• iPhone SE (1st generation)

• iPhone 8 and later

• iPad 5th generation and later

• iPad Air 3rd generation and later

• iPad Air 2

• iPad mini 4th generation and later

• iPad Pro (all models) ― TODAY