SAN FRANCISCO – Apple revealed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take full control of these devices.
Apple released two security reports about the issue on Wednesday, though they haven’t received widespread attention outside of tech publications.
Apple’s explanation of the vulnerability means a hacker could get “full administrator access” to the device. This, said Rachel Tobac, CEO of SocialProof Security, would allow intruders to impersonate the device’s owner and later run any software in their name.
Security experts have advised users to update the affected devices: iPhone 6S and later models; several models of iPad, including 5th generation and later, all iPad Pro models and iPad Air 2; and Mac computers running macOS Monterey. The defect also affects some iPod models. So operate your device with care.
- Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.
- Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.
- NSO Group has been blacklisted by the US Department of Commerce. Its spyware has been used against journalists, dissidents and human rights activists in Europe, the Middle East, Africa and Latin America.
- Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple just patched. The company has acknowledged similarly serious flaws in the past and, on what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes were being exploited.