19th August 2022 – (Cupertino) Apple is warning of a flaw that is allowing hackers to seize control of iPhones, iPads and Mac computers, and is urging users to install emergency software updates.
Patches were released on Wednesday and Thursday by the tech titan to fix what it described as a vulnerability hackers already knew about and may be taking advantage of.
“Apple is aware of a report that this issue may have been actively exploited,” the Silicon Valley-based company said.
Apple did not disclose whether it had information regarding the extent to which the issue has been exploited.
It released two security reports about the issue on Wednesday, although they did not receive wide attention outside of tech publications.
The technical description indicated that a hacker could use the flaw to take control of devices, accessing any of its data or capabilities.
That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security.
Patches were released for iPhones, iPads and Mac computers running on operating systems with the vulnerability.
Security experts have advised users to update affected devices — the iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running MacOS Monterey. The flaw also affects some iPod models.
Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.
Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.
NSO Group has been blacklisted by the US Commerce Department. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.
Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched.
The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had being exploite