Apple disclosed serious security vulnerabilities for iPhone, iPad, and Mac that could allow attackers to take full control of these devices.
Apple released two security reports on the subject on Wednesday, though they didn’t get much attention outside of tech publications.
Apple’s explanation of the vulnerability means that a hacker could gain “full administrator access” to the device. That would allow intruders to impersonate the device’s owner and then run any software on their behalf, said Rachel Tobac, executive director of SocialProof Security.
Security experts have advised users to update affected devices: iPhone 6S and later models; various iPad models, including 5th generation and later, all iPad Pro models, and iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.
Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.
Commercial spyware companies like Israel’s NSO Group are known for identifying such flaws and exploiting them in malware that surreptitiously infects targets’ smartphones, extracts their contents, and monitors targets in real time.
NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used in Europe, the Middle East, Africa, and Latin America against journalists, dissidents, and human rights activists.
Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple had just patched. The company has previously acknowledged similarly serious flaws and, on what Strafach estimated at perhaps a dozen occasions, has indicated that it was aware of reports that such security holes had been exploited.