Apple disclosed serious security vulnerabilities for iPhone, iPad and Mac models that could potentially allow attackers to take complete control of these devices. Apple released two security reports about the issue on Wednesday, although they didn't receive wide attention outside of tech publications.
Apple's explanation of the vulnerability means a hacker
could get “full admin access" to the device. That would allow intruders to
impersonate the device's owner and subsequently run any software in their name,
said Rachel Tobac, CEO of SocialProof Security.
Security experts have advised users to update affected
devices — the iPhone 6s and later models; several models of the iPad, including
the 5th generation iPad and later, all iPad Pro models and the iPad Air 2; and
Mac computers running MacOS Monterey. The flaw also affects some iPod models.
Apple did not say in the first or second report how, where
or by whom the vulnerabilities were discovered. In all cases, it cited an
anonymous researcher.
Commercial spyware companies such as Israel's NSO Group are
known for identifying and taking advantage of such flaws, exploiting them in
malware that surreptitiously infects targets' smartphones, siphons their
contents and surveils the targets in real time.
NSO Group has been blacklisted by the US Commerce
Department. Its spyware is known to have been used in Europe, the Middle East,
Africa and Latin America against journalists, dissidents and human rights
activists.
Security researcher Will Strafach said he had seen no
technical analysis of the vulnerabilities that Apple has just patched. The
company has previously acknowledged similarly serious flaws and, in what
Strafach estimated to be perhaps a dozen occasions, has noted that it was aware
of reports that such security holes had been exploited.
0 comments:
Post a Comment