Apple security flaw ‘actively exploited’ by hackers to fully control devices

Apple on Wednesday disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take full control of these devices.

The company said it is “aware of a report that this issue may have been actively exploited”.

Apple released two security reports on the issue on Wednesday, although they did not receive widespread attention outside of technical publications.

Security experts have advised users to update the affected devices: the iPhone 6S and later models; several models of the iPad, including the fifth generation and later, all iPad Pro models, and the iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.

Apple’s explanation of the vulnerability means that a hacker can gain “full administrative access to the device,” so they can “run any code as if they were the user,” said Rachel Tobac, CEO of SocialProof Security.

Those who should be especially vigilant about updating their software are “people in the public eye,” such as activists or journalists who may be targets of sophisticated espionage by nation-states, Tobac said.

The company has not provided details on how many users have been affected by the vulnerability. In all cases, it cited an anonymous researcher.

Commercial spyware companies such as Israel’s NSO Group are known for identifying and exploiting such vulnerabilities, building them into malware that covertly infects targets’ smartphones, siphons their content and monitors the targets in real time.

NSO Group is blacklisted by the US Commerce Department. The spyware is known to have been used against journalists, dissidents and human rights activists in Europe, the Middle East, Africa and Latin America.

Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple just patched. The company has previously acknowledged similar serious flaws and noted, according to Strafach, that it was aware of reports that such vulnerabilities had been exploited.
