ROCHESTER, N.Y. (WROC) — Attention Apple users: the company is issuing an emergency software update for some devices after some unknown cyber criminals discovered a security flaw in the system.

Those flaws are known as “zero-days,” which means these criminals have found out how to hack into any Apple device at-risk and obtain all the information — unless you perform the critical software update.

The following devices are affected:

  • iPhone6S and later models
  • Several models of the iPad, including the 5th generation and later
  • All iPad Pro models and the iPad Air 2
  • Mac computers running MacOS Monterey
  • The flaw also affects some iPod models

“Cyber criminals can take control of your camera, microphone, contacts, messages, and even your location,” said Jonathan Weissman, cybersecurity expert and senior lecturer at RIT.

Weissman explained when a company is faced with a zero-day, it’s on them to patch up the threat. In Apple’s case, this comes in the form of a critical software update.

“But not everyone is as quick to perform the updates, which makes them even more vulnerable,” he said.

Paul Robinson, an expert with IGI cybersecurity, said these zero-days have become more common in the digital age. Any organization, individual, or company is at risk.

“You kind of got to think of it the same way as someone breaking into your house,” said Robinson. “Like someone is breaking into your house, acting like you, but has no good intention at all, and wants to cause havoc.”

But you can stay proactive by increasing awareness online, as you would in real life.

“It’s always good to check your bank accounts, health care accounts, any personal identifiable information tied to you,” said Robinson.

“You have to be diligent in the updates, monitor your devices for suspicious activity, slowness,” said Weissman.

Apple did not report how these vulnerabilities were found, where they were found, or who discovered them.

The company Zoom, used for video calls, has faced similar threats. Weissman said they’ve been able to overcome this by also pushing out critical software updates.

The company announced the threat earlier this week, but it’s unclear how long these devices have been vulnerable.