SAN FRANCISCO — Apple has revealed it’s learned of serious security vulnerabilities for iPhones, iPads and Macs that could allow attackers to take complete control of these devices.
Based on Apple’s explanation of the problem in two security reports it posted, the vulnerability means a hacker could get “full admin access” to the device, could impersonate the device’s owner and run any software in that person’s name, according to Rachel Tobac, chief executive officer of SocialProof Security.
Security experts have advised users to update affected devices — the iPhone6S and later models; several models of the iPad, including the fifth generation and later, all iPad Pro models and the iPad Air 2 and Mac computers running MacOS Monterey. The flaw also affects some iPod models.
Apple did not say how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.
Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.
NSO Group has been blacklisted by the U.S. Commerce Department. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.
Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched.
The company previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted it was aware of reports that such security holes had been exploited.
