Apple security flaw ‘actively exploited’ by hackers to take complete control of devices

Apple on Wednesday disclosed serious security vulnerabilities for iPhones, iPads and Macs that could allow attackers to take full control of these devices.

The company said it is “aware of a report that this issue may have been actively exploited.”

Apple released two security reports on the issue on Wednesday, though they didn’t get much attention outside of tech publications.

Security experts have advised users to update affected devices: iPhones 6S and later; various iPad models, including fifth generation and later, all iPad Pro models, and iPad Air 2; and Mac computers running MacOS Monterey. It also affects some iPod models.

Apple’s explanation of the vulnerability means that a hacker could gain “full administrator access to the device” so they could “execute any code as if you were the user,” said Rachel Tobac, CEO of SocialProof Security .

Those who should be especially wary of updating their software are “people who are in the public eye,” such as activists or journalists who could be targeted by sophisticated nation-state espionage, Tobac said. .

The company did not specify how many users were affected by the vulnerability. In all cases, he cited an anonymous researcher.

Commercial spyware companies such as Israel’s NSO Group are known to identify and exploit these flaws, exploiting them in malware that stealthily infects targets’ smartphones, hijacks their content, and surveils targets in real time

NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.

Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple just patched. The company has previously acknowledged similarly serious flaws, and on what Strafach estimated was perhaps a dozen occasions, it noted that it was aware of reports that such security holes had been exploited.

Leave a Comment

Your email address will not be published. Required fields are marked *