The Apple logo outside the Bill Graham Civic Auditorium in San Francisco, California on September 7, 2016.JOSH EDELSON/AFP/Getty Images
Apple AAPL-Q disclosed serious security vulnerabilities for iPhones, iPads and Macs that could allow attackers to take full control of these devices.
Apple released two security reports on the issue on Wednesday, though they didn’t get much attention outside of tech publications.
Apple’s explanation of the vulnerability means that a hacker could gain “full administrator access” to the device. This would allow intruders to impersonate the owner of the device and then run any software in their name, said Rachel Tobac, CEO of SocialProof Security.
Security experts have advised users to update the affected devices: iPhone6S and later models; various iPad models, including 5th generation and later, all iPad Pro models, and iPad Air 2; and Mac computers running MacOS Monterey. The flaw also affects some iPod models.
Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, he cited an anonymous researcher.
Commercial spyware companies such as Israel’s NSO Group are known to identify and exploit these flaws, exploiting them in malware that stealthily infects targets’ smartphones, hijacks their content, and surveils targets in real time
NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.
Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple just patched. The company has previously acknowledged similarly serious flaws, and on what Strafach estimated was perhaps a dozen occasions, it noted that it was aware of reports that such security holes had been exploited.
Our Morning Update and Evening Update newsletters are written by Globe editors, bringing you a concise summary of the day’s biggest headlines. Sign up today.