SAN FRANCISCO — Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices.
Apple released two security reports about the issue on Wednesday, although they didn’t receive wide attention outside of tech publications.
Apple’s explanation of the vulnerability means a hacker could get “full admin access” to the device. That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security.
Security experts have advised users to update affected devices — the iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey. Some iPod models are also affected by the flaw.
Apple did not disclose in the reports how, where or by whom the vulnerabilities were discovered. Apple cited an anonymous researcher in all instances.
Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.
The U.S. Commerce Department has blacklisted NSO Group. Its spyware was known to be used against journalists, dissidents, and activists in Europe, Africa, Latin America, and the Middle East.
Will Strafach, a security researcher, stated that he has not seen any technical analysis of the vulnerabilities Apple disclosed. Strafach estimates that Apple has previously acknowledged similarly serious vulnerabilities and has stated that it was aware of reports that these security gaps were being exploited.