Apple disclosed serious security vulnerabilities in iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices.
Apple released two security reports about the issue on Wednesday, though they haven’t received widespread attention outside of tech publications.
Apple’s description of the vulnerability means a hacker could gain “full administrator access” to the device. SocialProof Security CEO Rachel Tobac said it would allow intruders to impersonate the device’s owner and subsequently run any software in their name.
Security experts have advised users to update the affected devices: the iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.
Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an unnamed researcher.
Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real-time.
The U.S. Commerce Department has blacklisted NSO Group. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.
Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. The company has previously acknowledged similarly serious flaws and, on what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.