This major Apple bug could let hackers steal your photos and wipe your device

Apple’s macOS and iOS are often considered to be more secure than their rivals, but that doesn’t make them invulnerable. One security team recently proved that by showing how hackers could exploit Apple’s systems to access your messages, location data, and photos — and even wipe your device entirely.

The discoveries were published on the blog of security research firm Trellix, and will be of major concern to iOS and macOS users alike, since the vulnerabilities can be exploited on both operating systems. Trellix explains that Apple patched the exploits in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as you can.

Apple protects its systems by requiring apps to be signed by approved developers, by sandboxing apps to prevent them from accessing areas they should not, and by almost entirely removing the ability to dynamically run arbitrary code. Combined, those measures make macOS and iOS highly secure, but apparently not secure enough.

Trellix’s blog post explains that the infamous cyberintelligence organization NSO Group bypassed some of these protections in 2021 by exploiting Apple’s NSPredicate system. In short, NSPredicate is one of the few elements of macOS and iOS that can dynamically generate code — something that was thought to be absent from Apple’s operating systems. NSO Group discovered this and used it to craft its Pegasus spyware.

This exploit was dubbed FORCEDENTRY, and Apple patched it shortly after its discovery in late 2021. Trellix’s work, however, has shown that Apple’s patches can be easily bypassed, rendering them useless.

In fact, Trellix claims it has found an entire class of bugs that can be exploited this way, granting hackers access to a user’s calendar, address book, photos, camera, microphone, and more. Some bugs could even be used to wipe your device in its entirety.

Trellix passed on the details of the exploits it discovered to Apple, and they were patched earlier this year. That means you should download the fixes — contained in macOS 13.2 and iOS 16.3 and later versions — as soon as you can. These exploits also serve as a helpful reminder that, despite the company’s reputation for strong security, no Apple product is invulnerable to attack. Ensuring your device is up to date is a great way to keep it safe.

Alex Blake
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…