Tech giant Apple has disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of the devices.
Apple released two security reports about the issue on Wednesday, but the severity of the problem didn’t receive worldwide attention outside of tech insider publications until this Friday.
Apple’s explanation of the vulnerability means a hacker could get “full admin access” to Apple devices.
According to Rachel Tobac, CEO of SocialProof Security, the breach would allow intruders to impersonate the device's owner and subsequently run any software in their name.
🚨ATTENTION🚨
Apple found two 0-days actively in use that could effectively give attackers full access to device.
For most folks: update software by end of day
If threat model is elevated (journalist, activist, targeted by nation states, etc): update now https://t.co/BUEn08260X
— Rachel Tobac (@RachelTobac) August 18, 2022
Warning affects devices from iPhone 6 onwards
Security experts have advised users to update affected devices: the iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey.
The flaw also affects some iPod models.
Apple did not say in the reports how, where or by whom the vulnerabilities were discovered.
In all cases, it cited an "anonymous researcher".
The 'Pegasus incident'
Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.
NSO Group has been blacklisted by the US Commerce Department.
Its Pegasus spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.