Software flaws could let hackers control Apple devices

Apple pushed out an urgent, emergency security update Thursday after the Cupertino-based company said an anonymous researcher discovered serious security flaws in the iOS operating system and Safari web browser.

"Don't delay. It's really serious, it's not something that you can say I'm going to do it tomorrow, or it will be done by itself. Just go and make sure you have the latest update," said Professor Ahmed Banafa, a cybersecurity expert at San Jose State University.

Professor Banafa says the flaws can allow hackers to download a program that can take control of your devices.

"They can get all the information you have from your phone. They basically control it," said Professor Banafa. "You can download apps, you can read information, you can send and receive, all of this would be under their control."

"I currently have three Apple devices," said Troy Young, an Apple-user from Richmond, who like many people, have embraced a wide range of tech devices such as smartwatches, iPads, laptops, desktops and smartphones that double as cameras, address books and wallets.

"I currently have everything on my cell phone so if I lose it I'm out of luck," said Young.

That's a scary thought and now a real threat.

 Banafa says Apple has learned the flaw is already being exploited, posing a danger to a huge number of consumers.

"We have about 118 million iPhones in the United States as of 2022. That's a huge number," said Banafa. "Outside the United States the total number of devices that use the operating system is a billion devices."

Experts are urging consumers to go to their general settings and select the automatic software update to check for the security patch on all devices and upload immediately.

"I feel there are just so many now, it's kind of hard to keep up and if you don't have the automatic on you'll end up five updates behind," said Jordan Ramirez of Oakland.

"Do it now. Don't wait until tomorrow. Do it now," said Herb Lin, a Stanford Senior Research Fellow who specializes in cybersecurity. Lin says the flaw is known as a zero-day vulnerability.

"It's a zero-day in the sense that it can be sprung on the world with zero days of notice," said Lin.

Lin says hackers have become increasingly sophisticated.

"We have not been able to get ahead of the threat. We're always behind. The last 40 years have shown we have not been able to get cybersecurity," said Lin.

Lin says as security flaws become more common, there is growing debate over whether to hold software companies responsible for damages.

"One idea that often comes about in discussions among security experts is that ...companies that produce software with vulnerabilities ought to be subject to a certain degree or form of liability," said Lin, "It's a controversial topic and so far, the software industry said no, no, no, we don't want to do that."