Apple often positions itself as the safest ecosystem regarding privacy and digital security. However, from time to time, the Cupertino-based tech giant finds itself in hot water over security lapses that leave its customers vulnerable.
Apple recently disclosed some severe security vulnerabilities for iPhones, iPads, and Macs that could allow attackers to control these devices completely.
Apple released two security reports about the issue on Wednesday, although they didn’t receive wide attention outside of tech publications.
Apple’s explanation of the vulnerability means a hacker could get “full admin access” to the device. That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security.
Security experts have advised users to update affected devices: the iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.
In the reports, Apple did not say how, where, or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.
Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents, and surveils the targets in real time.
The U.S. Commerce Department has blacklisted the NSO Group. Its spyware is known to have been used in Europe, the Middle East, Africa, and Latin America against journalists, dissidents, and human rights activists.
Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched.
The company has previously acknowledged similarly severe flaws and, on what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.