Apple has
disclosed serious security weaknesses in iPhones, iPads and Macs, according to
a company statement Wednesday. The California-based tech giant said its devices
had vulnerabilities that could allow attackers to take complete control. The
company said the issue may have been “actively exploited.” Two security reports
were released by Apple regarding the security flaw on Wednesday.

If the flaw
is exploited, a hacker can potentially obtain complete admin access to a device
and can execute any code just like the user, according to Rachel Tobac, CEO of
SocialProof Security, who spoke to Guardian.

While
laying out the report, Apple did not provide specifics on how users will be
affected
by the vulnerabilities and cited an anonymous researcher to explain
the flaw.

Tobac said
people in the public eye need to be careful, people such as activists and
journalists. Those who may be targets of sophisticated nation-state spying.

Groups such
as Israeli company NSO are known to exploit such vulnerabilities. NSO’s Pegasus
spyware has been used in Europe, the Middle East, Africa and Latin America,
against dissidents, human rights activists and journalists.

The United
States has blacklisted the NSO group.

Also Read | Apple privacy measures leads to woes at Meta as TikTok surges ahea

The
security update report on the Apple website states that an application may be
able to execute arbitrary code with kernel privileges. Kernel is the core of
the code for operating systems and could allow a hacker unrestricted control
over the hardware and software of an affected device.

Additionally,
WebKit, the engine that powers Apple browser Safari and other apps could be exploited
if a vulnerable device accessed or processed “maliciously crafted web content
[that] may lead to arbitrary code execution.”

All iPhone
models from iPhone 6S to iPad pro-models, iPad Air 2, iPad mini and later have
these vulnerabilities. Apple has recommended immediately updating devices and
operating system (OS) versions that it has rolled out.

It is
important to update devices as software updates help solve latest security flaws
and vulnerabilities.