San Francisco >> Apple has revealed serious security holes for iPhones, iPads and Macs that could potentially allow attackers to gain full control of these devices.
Apple released two security reports about the issue on Wednesday, although they haven’t received much attention outside of tech publications.
Apple’s explanation of the vulnerability means that a hacker could gain “full administrative access” to the device. This would allow hackers to impersonate the owner of the device and run any program in their name, Rachel Tobac, CEO of SocialProof Security, said.
Security experts advised users to update the affected devices: the iPhone 6S and later models; many iPad models, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey. The defect also affects some iPod models.
Apple did not say in the reports how, where, or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.
Commercial spyware companies such as the Israeli NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets' smartphones, pulls their contents and monitors the targets in real time.
The NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.
Security researcher Will Strafach said he had not seen any technical analysis of the vulnerabilities that Apple had just patched. The company has previously acknowledged the existence of similar serious flaws, and on what Strafach estimated may be dozens of occasions, it indicated that it was aware of reports of such vulnerabilities being exploited.