While Apple devices may suffer from far fewer viruses and malware than Windows products, they still have some vulnerabilities. For example, one recent update protects your iOS devices from password theft while on a public wireless network.

Another recent update involved six code errors that allowed malware total access to a Mac without any pop-up appearing to give the user a chance to enter a password or decline an activity. But that’s actually the lesser evil compared to what mobile users lacked before the latest iOS 9 update.

If you use an iPhone 4S, an iPad 2, or any of the newer apple devices—basically anything capable of running iOS 9—your cookies can be accessed by a captive portal unless you update the device. What is a captive portal?

Have you ever tried to get on the free Wi-Fi at a McDonald’s? When you open your browser, you get redirected to that screen that makes you agree to their terms of service, right? That’s a captive portal; at least, that is the really simple version.  So why is it a big deal for the portal to access your cookies?

Most of us leave our smartphones and tablets logged into accounts such as email and social media. When that is the case, the credentials are stored in a cookie. If the portal has access to your cookies, then whoever created the portal has access to your login information for all of those accounts.

While Wi-Fi providers at public locations are not in the business of identity theft, the security issues in iOS 9 left apple devices open to anyone who created such a portal and set up in the area. So a hacker may be sitting in the corner of the library, restaurant, coffee shop, or other location—and stealing your usernames and passwords while you are using the free Wi-Fi.

How Do I Fix This on My Apple Devices?

Good question. Even if you don’t get an alert that an update is available, you should regularly check by opening your Settings, clicking on the General option, and then selecting Software Update. From here, you can check for new updates and force them to install.