disclosed serious security weaknesses in iPhones, iPads and Macs, according to
a company statement Wednesday. The California-based tech giant said its devices
had vulnerabilities that could allow attackers to take complete control. The
company said the issue may have been “actively exploited.” Two security reports
were released by Apple regarding the security flaw on Wednesday.
If the flaw
is exploited, a hacker can potentially obtain complete admin access to a device
and can execute any code just like the user, according to Rachel Tobac, CEO of
SocialProof Security, who spoke to Guardian.
laying out the report, Apple did not provide specifics on how users will be
affected by the vulnerabilities and cited an anonymous researcher to explain
people in the public eye need to be careful, people such as activists and
journalists. Those who may be targets of sophisticated nation-state spying.
as Israeli company NSO are known to exploit such vulnerabilities. NSO’s Pegasus
spyware has been used in Europe, the Middle East, Africa and Latin America,
against dissidents, human rights activists and journalists.
States has blacklisted the NSO group.
security update report on the Apple website states that an application may be
able to execute arbitrary code with kernel privileges. Kernel is the core of
the code for operating systems and could allow a hacker unrestricted control
over the hardware and software of an affected device.
WebKit, the engine that powers Apple browser Safari and other apps could be exploited
if a vulnerable device accessed or processed “maliciously crafted web content
[that] may lead to arbitrary code execution.”
models from iPhone 6S to iPad pro-models, iPad Air 2, iPad mini and later have
these vulnerabilities. Apple has recommended immediately updating devices and
operating system (OS) versions that it has rolled out.
important to update devices as software updates help solve latest security flaws