SAN FRANCISCO — Apple has disclosed serious security vulnerabilities in iPhones, iPads and Macs that could potentially allow attackers to take full control of these devices.
Apple released two security reports on the issue on Wednesday, although they did not receive widespread attention outside of technical publications.
Apple’s explanation of the vulnerability means that a hacker could gain “full administrator access” to the device. This would allow attackers to impersonate the owner of the device and subsequently run software on their behalf, said Rachel Tobac, CEO of SocialProof Security.
Security experts advised users to update the affected devices – the iPhone 6S and newer models; several iPad models, including 5th generation and later, all iPad Pro models, and iPad Air 2; and Mac computers with macOS Monterey. The flaw also affects some iPod models.
Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, an anonymous researcher is cited.
Commercial spyware companies such as Israel’s NSO Group are notorious for identifying and exploiting such flaws, using them in malware that secretly infects targets’ smartphones, extracts their contents and monitors targets in real time.
NSO Group is blacklisted by the US Department of Commerce. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.
Security researcher Will Strafach said he had not seen a technical analysis of the vulnerabilities Apple had just patched. The company has previously acknowledged such serious flaws and, on what Strafach estimates to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.