Apple disclosed critical security vulnerabilities for iPhone, iPad, and Mac models that could allow attackers to gain complete control over these devices. Apple released two security reports about the issue on Wednesday, though they haven’t received widespread attention outside of tech publications. Apple’s explanation for the vulnerability is that a hacker could gain “full administrator access” to the device. This would allow intruders to impersonate the owner of the device and run any software in their name, said Rachel Tobac, CEO of SocialProof Security.
Security experts advise users to update affected devices — iPhone 6s and later models; many models of iPad, including the 5th generation iPad and all later iPad Pro models and iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.
Commercial spyware companies such as Israel’s NSO Group are known to identify such flaws and exploit them in malware that secretly infects targets’ smartphones, siphons their content, and monitors targets in real time.
NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used against journalists, dissidents and human rights activists in Europe, the Middle East, Africa and Latin America.
Security researcher Will Strafach said he had not seen any technical analysis of the vulnerability that Apple had recently patched. The company has previously acknowledged similar critical flaws, and Strafach noted on roughly a dozen occasions that it was aware of reports of exploits of such security holes.