Apple has reported major security loopholes in some iPhones, iPads and Macs which could allow malicious actors to hijack users’ devices. The firm issued two security reports on Wednesday describing the vulnerabilities patched by its latest software updates, and admitting it is “aware of a report that this issue may have been actively exploited.”
The tech giant credited the work of an “anonymous researcher” in discovering the flaws, but shared few details about the vulnerabilities. It only said that due to “an out-of-bounds write issue” both in iOS and MacOS, a malicious application would be “able to execute arbitrary code with kernel privileges,” before latest patches.
Apple did not reveal how many customers may have been affected by the exploit, and said it would maintain similar secrecy and not “disclose, discuss, or confirm” any future security issues, “until an investigation has occurred and patches or releases are available.”
The vulnerability affected multiple iPad models – including all iPad Pro devices – iPhones 6S and later, as well as Mac computers using MacOS Monterey, an operating system released last year. The bug could give hackers “full admin access” to devices and allow them to “execute any code as if they are you, the user,” cybersecurity expert Rachel Tobac told the Associated Press, explaining Apple’s technical documents.
The issues revealed Wednesday were far from Apple's first major security flaw, as the company has issued periodic alerts for patches and other fixes as new exploits are found in its popular devices. Its phones have recently been subject to hacks by the private Israeli intelligence firm NSO Group, which has been accused of breaching the devices of dozens of officials, journalists, lawyers and activists around the world, often at the behest of foreign states.