Apple has found severe security flaws in some iPhones, iPads, and Macs, and these flaws could allow hostile actors to take control of customers’ devices. Apple disclosed these flaws. The company acknowledged that it is “aware of a report that this issue may have been actively exploited” in two separate security reports that were released on Wednesday. The papers detail the vulnerabilities that were fixed by the company’s most recent software releases.
The technological behemoth has given credit for the discovery of the vulnerabilities to the work of a “anonymous researcher,” but it has provided very little specifics regarding the problems. It merely stated that because of “an out-of-bounds write problem” in both iOS and MacOS, a malicious application would have been “able to execute arbitrary code with kernel privileges” prior to the most recent patches being applied. This was true for both operating systems.
Apple did not disclose the number of customers who may have been affected by the exploit. Additionally, the company stated that it would continue to maintain a similar level of secrecy and would not “disclose, discuss, or confirm” any future security issues “until an investigation has occurred and patches or releases are available.”
Multiple iPad models, including all iPad Pro devices, iPhones 6S and later, and Mac machines utilizing MacOS Monterey, an operating system that was introduced the previous year, were susceptible to the issue. According to cybersecurity expert Rachel Tobac, who was describing Apple’s technical documents to the Associated Press, the defect could give hackers “complete admin access” to devices and allow them to “run any code as if they are you, the user.” Apple’s technical documents are available here.
The problems that were disclosed on Wednesday were not Apple’s first serious security flaws; the company has issued frequent notifications for updates and other remedies as new exploits are uncovered in its popular gadgets. The problems that were disclosed on Wednesday were just the most recent, though. NSO Group, a private Israeli intelligence firm, is suspected of hacking its phones recently. The company has been accused of breaking into the devices of dozens of officials, journalists, lawyers, and activists around the world, often at the behest of other countries. NSO Group hacked its own phones recently.