Apple has released software updates this week after disclosing vulnerabilities that could have enabled hackers to access devices, as the company faces pressure to tackle spyware and defend its reputation for strong cyber security.
In “security update” posts on Wednesday and Thursday, Apple said customers should update to the latest software to avoid risks affecting its Safari browser and Mac computers, as well as its iPhone and iPad devices.
“These software vulnerabilities could give attackers full access to a vulnerable device,” said Rachel Tobac, a hacker and chief executive of SocialProof Security, which teaches companies about cyber attacks.
“Everyone should update their Apple devices, especially those who are most at risk for nation-state attacks, such as journalists, activists and those in the public eye.”
Apple has credited an anonymous researcher with alerting the firm to the issue, without providing further details. The US Cybersecurity and Infrastructure Security Agency also advised users to apply necessary updates as soon as possible.
Before a software update was released, the bugs would have been considered “zero day” vulnerabilities because a fix for them had not previously been available. Such issues, if serious, can be hugely valuable to hackers, fetching thousands of dollars on the open market.
The update comes after the release of an emergency software patch last year, when researchers discovered a vulnerability that allowed hackers to deploy controversial Israeli company NSO Group’s spyware tool through Apple’s iMessage app.
Apple has sued NSO Group over the affair and the Israeli company has been blacklisted by the US commerce department. NSO’s spyware is known to have been used to target journalists, dissidents and human rights activists around the world.
Apple has long marketed the greater security and privacy it offers users, including allowing them to opt out of being tracked by marketers, in moves that have led to losses of billions of dollars in online advertising for companies such as Facebook’s parent Meta.
Apple said it was aware of reports that the latest vulnerabilities “may have been actively exploited” but declined to comment further.
Last month, the company introduced a security function called “Lockdown Mode” for users who feel they are vulnerable to sophisticated cyber attacks.
Apple said this “extreme, optional protection” was to protect against “the rarest” of attacks and it would strictly limit the capabilities of an iPhone.