SAN FRANCISCO — Apple has disclosed serious security vulnerabilities for iPhones, iPads, and Macs, which could allow attackers to take full control of these devices.
Apple released two security reports on the issue on Wednesday, although they did not receive widespread attention outside of technical publications.
Apple’s explanation of the vulnerability means that a hacker could gain “full administrative access” to the device. That would allow intruders to impersonate the device’s owner and then run software in their name, said Rachel Tobac, CEO of SocialProof Security.
Security experts have advised users to update the affected devices – the iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models, and the iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.
Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.
Commercial spyware companies such as Israel’s NSO Group are known for identifying such vulnerabilities and exploiting them in malware that covertly infects targets’ smartphones, siphons their contents and monitors the targets in real time.
NSO Group is blacklisted by the US Department of Commerce. Its spyware is known to have been used against journalists, dissidents and human rights activists in Europe, the Middle East, Africa and Latin America.
Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple just patched. The company has previously acknowledged similar serious flaws and noted, according to Strafach, that it was aware of reports that such vulnerabilities had been exploited.