
This major Apple bug could let hackers steal your photos and wipe your device

Apple’s macOS and iOS are often considered to be more secure than their rivals, but that doesn’t make them invulnerable. One security team recently proved that by showing how hackers could exploit Apple’s systems to access your messages, location data, and photos — and even wipe your device entirely.

The discoveries were published on the blog of security research firm Trellix, and will be of major concern to iOS and macOS users alike, since the vulnerabilities can be exploited on both operating systems. Trellix explains that Apple patched the exploits in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as you can.


Apple protects its systems by requiring apps to be signed by approved developers, by sandboxing apps to prevent them from accessing areas they should not, and by almost entirely removing the ability to dynamically run arbitrary code. Combined, those measures make macOS and iOS highly secure, but apparently not secure enough.

Trellix’s blog post explains that the infamous cyberintelligence organization NSO Group bypassed some of these protections in 2021 by exploiting Apple’s NSPredicate system. In short, NSPredicate is one of the few elements of macOS and iOS that can dynamically generate code — something that was thought to be absent from Apple’s operating systems. NSO Group discovered this and used it to craft its Pegasus spyware.

This exploit was dubbed FORCEDENTRY, and Apple patched it shortly after its discovery in late 2021. Trellix’s work, however, has shown that Apple’s patches can be easily bypassed, rendering them useless.

In fact, Trellix claims it has found an entire class of bugs that can be exploited this way, granting hackers access to a user’s calendar, address book, photos, camera, microphone, and more. Some bugs could even be used to wipe your device in its entirety.

Trellix passed on the details of the exploits it discovered to Apple, and they were patched earlier this year. That means you should download the fixes — contained in macOS 13.2 and iOS 16.3 and later versions — as soon as you can. These exploits also serve as a helpful reminder that, despite the company’s reputation for strong security, no Apple product is invulnerable to attack. Ensuring your device is up to date is a great way to keep it safe.
