Photo supplied
Leslie Meredith
In an unusual move, Apple last week distributed what it deemed as critical updates for iOS (phones), iPadOS, MacOS and its Safari browser. The updates were even picked up by the U.S. government’s Cybersecurity & Infrastructure Security Agency. Why? Because unlike with most updates that address potential vulnerabilities, these addressed an exploit that is currently being used to attack devices running these systems.
Before we take a look at what’s behind the security fix, check your Apple devices to make sure the operating systems are up to date. If you bought your device within the last five years, the security updates apply. For iPhones, open “Settings,” scroll down to “General” and then “Software Update.” If you see the iOS 16.3.1 update, tap “Download and Install.” It should only take a few minutes, but will require about 1.3 gigabytes of storage. For computers, open “About this Mac” under the Apple menu and look for “System Updates.” You’ll see a button indicating the number of updates available, so click and proceed with the OS update to 13.2.1. Note you will have to restart your computer, so save any work before you update. For other devices and the browser, the current versions are 16.3.1 for iPadOS, 9.3.1 for watchOS and 16.3 for Safari. When you update the iOS, Safari will be automatically updated.
Apple has revealed few details about the exploit, other than to say this security hole is a flaw in Apple’s WebKit component that’s processing maliciously crafted web content and may lead to arbitrary code execution. However, analysts at Sophos security firm said in a blog post that this exploit likely involves remote code execution (RCE), a technique known as a drive-by download or a drive-by install.
“Web-based RCE exploits generally give attackers a way to lure you to a booby-trapped website that looks entirely unexceptionable and unthreatening, while implanting malware invisibly simply as a side effect of you viewing the site,” Sophos author Paul Ducklin said. “A web RCE typically doesn’t provoke any popups, warnings, download requests or any other visible signs that you are initiating any sort of risky behavior. Just looking at a website, could be enough to infect your device.”
That should be incentive enough to update all of your Apple devices now and dispel any lingering beliefs that Apple devices are immune to attack.
With that out of the way, what’s next for Apple? The next major update will be iOS 17 and is due to be released about four months from now in June at WWDC, Apple’s annual developer conference. Those enrolled in Apple’s Developer Program, which costs $99 a year for access, will then have access to the new OS. The public beta should be available in July. However, most of us will wait until Apple’s fall event to upgrade to iOS 17.
Little is known at this time about iOS 17’s new features, but industry analysts seem to agree that no major changes are in the works. Rather, we can expect more customization to the Lock Screen, improved Dynamic Island usage and a new Siri app powered by artificial intelligence. For instance, iOS 16 brought the ability to change the font on the time, add a few widgets and set different lock screens for different focus modes, so iOS 17 would bring more fonts and widgets. Small tweaks to the Dynamic Island are also anticipated, but because this feature is available only on iPhone 14 Pro and iPhone 14 Pro Max, any updates here will apply to a relatively small group of users.
Most intriguing may be an AI-powered Siri. AI, or more specifically generative pre-trained transformer (GPT) and similar programs, are machine learning systems that generate human-like text in answer to a wide variety of queries. In fact, these chatbots generate conversations based on the data they can access rather than simply producing a list of search results.
For now, ChatGPT is the most well-known program and has been integrated into Microsoft’s Bing search engine with albeit mixed results. Google is working on its own conversational chatbot called Google Bard, and it shouldn’t be too much longer until Bard becomes available as part of the Google search experience. Siri is nothing more than a voice activated program to search Google, so an advanced chatbot could dramatically enhance Siri’s functionality.
Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.
Newsletter
