Significant security flaws for the iPhone, iPad and Mac models that Apple published may undoubtedly allow attackers to take complete control of those devices.
Though they received little attention outside of tech journals, Apple released two security studies on the issue on Wednesday. According to Apple, the vulnerability may allow a hacker to have “full admin entrance” to the system.
According to Rachel Tobac, CEO of SocialProof Safety, this could allow hackers to pretend to be the machine’s owner and then execute any software under their name.
Security experts have advised customers to replace the following devices: Mac computers running macOS Monterey; iPhone 6s and later models; various iPad models, including the fifth generation iPad and later; all iPad Professional models; and the iPad Air 2. Some iPod models are also affected by the bug.
Apple omitted to mention how, where, or who discovered the vulnerabilities in either the first or second report. It consistently referenced an anonymous researcher.
Commercial spyware and adware companies, like Israel’s NSO Group, are renowned for identifying and benefiting from such defects. They use them in malware that covertly infects users’ devices, steals their data, and surveils the targets in real-time.
The US Commerce Division has banned NSO Group. According to reports, it has used malware and adware to target journalists, dissidents, and human rights advocates in Europe, the Middle East, Africa, and Latin America.
Will Strafach, a security expert, said that no technical assessment of the vulnerabilities that Apple had just addressed had been made.
The company has previously admitted to having equally serious problems, and on perhaps a dozen occasions, according to Strafach, it has stated that it was aware of reports that such security holes had been exploited.