SAN FRANCISCO >> Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could allow attackers to take complete control of these devices.
Apple released two security statements on Wednesday, though they haven’t received wide attention outside of tech publications.
Apple’s description of the vulnerability means that the hacker could gain “full administrative access” to the device. This would allow intruders to impersonate the owner of the device and then run any software under their name, said Rachel Tobach, CEO of SocialProof Security.
Security experts advised users to update affected devices – iPhone6S and later models; Many models of iPad, including 5th generation and later, all iPad Pro models and iPad Air 2; and Mac computers running MacOS Monterey. The flaw also affects some iPad models.
Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.
Commercial spyware companies, such as Israel’s NSO Group, find such flaws and exploit them in malware that attacks targets’ smartphones stealthily, hides their contents, and tracks targets in real time.
NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used against journalists, protesters and human rights activists in Europe, the Middle East, Africa and Latin America.
Security researcher Will Strafach said he hasn’t seen any technical analysis of the vulnerabilities Apple has just discovered. The company has previously acknowledged similarly serious flaws and Strafach has been assessed on perhaps a dozen occasions, citing reports that it was aware of such security holes being exploited.
“Total coffee junkie. Tv ninja. Unapologetic problem solver. Beer expert.”