In a series of suddenly released macOS and iOS updates, Apple detailed security flaws with the potential for "arbitrary code" execution, a capability that lets hackers run commands of their choosing on a target device.
Apple stated it was "aware of a report that this issue may have been actively exploited", indicating the vulnerabilities may have already been used for malicious purposes against Apple devices.
This apparent hacking exposure spells big trouble for Apple and its users, as those impacted could face a gamut of security compromises ranging from data theft through to total device takeover.
Two notable qualities stand out in Apple's new updates: firstly, the abrupt nature of their release, and secondly, the fact that they pertain to apparent zero-day vulnerabilities.
A zero-day vulnerability is a security flaw that hackers discover and exploit while it is still unpatched in the affected software.
Hackers are typically a step ahead of software developers when it comes to zero-day vulnerabilities, making it nearly impossible for users to defend against them until an appropriate software update is released.
Jake Moore, Global Cyber Security Advisor at ESET, told UK newspaper Metro, "If exploited, attackers would be able to see your location, read messages, view contacts lists and potentially even access the microphone and camera – all the things you don't want to have out there.
"Those in the public eye such as activists, politicians and journalists should act quicker due to previously becoming targets of nation-state spying," he added.
Risk of targeted attacks
2022 has been a decidedly tumultuous year for mobile phone security.
The news from Apple comes amid ongoing unease regarding TikTok's data sharing practices, and shortly after Australian federal MPs were encouraged to use two separate mobile phones for the purpose of data safety.
While mobile phone vulnerabilities have the potential to impact an incredible number of users, those who are in the public eye are arguably more susceptible to targeted attacks.
Zero-day vulnerabilities are often reserved for big-game hunting, and are highly lucrative for hackers and state actors seeking to exploit high-value targets.
Professor Matthew Warren of RMIT University warned of the possibility of targeted attacks relating to these new vulnerabilities, stating "if it was criminal gangs, there would be particular targets in particular organisations that they would try to target for financial gain."
He added that "every Apple user should be concerned."
Apple has said little about the scope of these vulnerabilities, but the consensus among experts is that hackers could easily impersonate users and take control of unpatched devices.
Apple's updates have the express purpose of addressing these apparent security flaws, meaning those most at risk are users who have yet to update their devices.
If you have turned off automatic updates or are otherwise yet to take action, Apple recommends opening your device settings and applying the latest available updates as soon as possible.