www.cbc.ca
Open in
urlscan Pro
23.32.58.182
Public Scan
Submitted URL: https://s2.bl-1.com/h/drmg9BfZ?url=https://www.cbc.ca/news/business/apple-security-flaw-full-control-1.6556039
Effective URL: https://www.cbc.ca/news/business/apple-security-flaw-full-control-1.6556039
Submission: On August 20 via manual from US — Scanned from DE
Effective URL: https://www.cbc.ca/news/business/apple-security-flaw-full-control-1.6556039
Submission: On August 20 via manual from US — Scanned from DE
Form analysis 1 forms found in the DOM
<form class="searchForm">
<div class="search-autocomplete">
<div id="gn-compact-search-suggestions-status" class="a11y" role="status" aria-atomic="true" aria-live="polite"></div><input type="search" id="gn-compact-search" class="searchInput" name="query" placeholder="Search CBC.ca" aria-haspopup="listbox"
autocomplete="off" autocorrect="off" aria-autocomplete="both" aria-controls="gn-compact-search-autocomplete" aria-describedby="gn-compact-search-autocomplete-assistiveHint" aria-label="Search CBC.ca"><span class="a11y"
id="gn-compact-search-autocomplete-assistiveHint">When search suggestions are available use up and down arrows to review and enter to select.</span>
</div><button class="searchButton">Search</button>
</form>Text Content
Skip to Main ContentAccessibility Help
Menu
When search suggestions are available use up and down arrows to review and enter
to select.
Search
Search
Sign In
QUICK LINKS
* News
* Sports
* Radio
* Music
* Listen Live
* TV
* Watch
* news
* Top Stories
* Local
* COVID-19
* Climate
* World
* Canada
* Politics
* Indigenous
* Opinion
* The National
* Business
* Health
* Entertainment
* Science
* CBC News Investigates
* Go Public
* About CBC News
* Being Black in Canada
* More
* The National
* Business
* Health
* Entertainment
* Science
* CBC News Investigates
* Go Public
* About CBC News
* Being Black in Canada
Apple security flaw allows hackers to fully control iPhones, iPads and Macs |
CBC News Loaded
Business
APPLE SECURITY FLAW ALLOWS HACKERS TO FULLY CONTROL IPHONES, IPADS AND MACS
Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs
that could potentially allow attackers to take complete control of these
devices.
SOCIAL SHARING
* Facebook
0
* LinkedIn
0
* Twitter
0
* Email
0
* Reddit
0
INTRUDERS CAN IMPERSONATE DEVICE'S OWNER AND RUN ANY SOFTWARE IN THEIR NAME
The Associated Press · Posted: Aug 19, 2022 8:49 AM ET | Last Updated: August 19
An Apple iPhone 13 is displayed on their first day of sale, in New York, on
Sept. 24, 2021. Apple disclosed serious security vulnerabilities on Wednesday
for iPhones, iPads and Macs that could potentially allow attackers to take
complete control of these devices. (Richard Drew/The Associated Press)
1068
comments
Apple has disclosed serious security vulnerabilities for iPhones, iPads and Macs
that could potentially allow attackers to take complete control of these
devices.
Apple released two security reports about the issue on Wednesday, although they
didn't receive wide attention outside of tech publications.
Apple's explanation of the vulnerability means a hacker could get "full admin
access" to the device. That would allow intruders to impersonate the device's
owner and subsequently run any software in their name, said Rachel Tobac, CEO of
SocialProof Security.
According to the security reports, the vulnerabilities impacted Apple's WebKit,
which is the engine that powers the Safari web browser and other browsers on
iOS; and the kernel, Apple's core computer operating system.
Security experts have advised users to update affected devices — the iPhone6S
and later models; several models of the iPad, including the 5th generation and
later, all iPad Pro models and the iPad Air 2; and Mac computers running MacOS
Monterey. The flaw also affects some iPod models.
Apple did not say in the reports how, where or by whom the vulnerabilities were
discovered. In all cases, it cited an anonymous researcher.
WATCH | Why tech companies are ditching passwords:
APPLE, GOOGLE, MICROSOFT WANT TO DITCH PASSWORDS TO IMPROVE SECURITY
3 months ago
Duration 2:04
Tech giants Apple, Google and Microsoft have announced they're working on
implementing passwordless sign-on technology, allowing users to more securely
log into mobile, desktop and browser apps using their smartphones without a
standard password.
Commercial spyware companies such as Israel's NSO Group are known for
identifying and taking advantage of such flaws, exploiting them in malware that
surreptitiously infects targets' smartphones, siphons their contents and
surveils the targets in real time.
In July 2021, Apple released a similar security point that said that a flaw in
its security design was being "actively exploited." Again, an anonymous
researcher was credited for the discovery.
NSO Group has been blacklisted by the U.S. Commerce Department. Its spyware is
known to have been used in Europe, the Middle East, Africa and Latin America
against journalists, dissidents and human rights activists.
Security researcher Will Strafach said he had seen no technical analysis of the
vulnerabilities that Apple has just patched. The company has previously
acknowledged similarly serious flaws and, in what Strafach estimated to be
perhaps a dozen occasions, has noted that it was aware of reports that such
security holes had been exploited.
WATCH | Serious security flaw exposed:
APPLE URGING USERS TO UPDATE DEVICES DUE TO SECURITY FLAW
20 hours ago
Duration 2:07
Apple is warning customers to update the software on their iPhones, iPads and
Mac computers due to a security flaw that could allow hackers to take control of
their devices.
"Yes, hackers, threat actors can take control of devices," said Daniel Tobok,
the CEO of Toronto-based cybersecurity firm Cypfer, in an interview with CBC
News.
The devices most vulnerable to targeted attacks are the ones that aren't
up-to-date on security patches, which is about 18 per cent of devices globally,
according to Tobok.
Apple reveals security flaws more or less on an annual basis, particularly after
the flaws have been detected by what Tobok calls "threat actors," or hackers.
* U.S. communications regulator wants TikTok removed from app stores over
spying concerns
* Americans are being urged to delete period tracking apps. Should Canadians do
the same?
* Apple issues security patch after Toronto-based Citizen Lab flags
vulnerability
Typically, hackers will gain access to a device and then change its passwords so
that the user is locked out of their own phone or laptop. But it's extremely
difficult for users to detect when their device has been compromised, he said.
"When you have a super power, privileged user on the phone, they could
potentially do things without you even noticing," Tobok said. "This is really
one of the dangers of having a device that is compromised because, unlike
Hollywood, you don't see icons flashing and you don't see your red lights
bleeping."
"You're really not aware because what the threat actors are doing is moving very
quietly, just exfiltrating your data or leveraging your phone as a hub for
committing another potential crime."
WATCH | Security flaw shows how tech can be weaponized:
PEOPLE COMING TO GRIPS WITH DEVICE VULNERABILITY, SAYS CYBERSECURITY ANALYST
1 day ago
Duration 5:35
Ritesh Kotak, a cybersecurity analyst, says the recent security flaw discovered
in Apple devices demonstrates how any kind of personal information placed on
electronic devices is vulnerable and can be 'weaponized.'
With files from CBC's Nisha Patel
CBC's Journalistic Standards and Practices|About CBC News
Corrections and clarifications|Submit a news tip|Report error
RELATED STORIES
* Americans are being urged to delete period tracking apps. Should Canadians do
the same?
* U.S. communications regulator wants TikTok removed from app stores over
spying concerns
* Spyware used on separatists in Spain 'extensive,' Canadian cybersecurity
group's investigation reveals
COMMENTS
To encourage thoughtful and respectful conversations, first and last names will
appear with each submission to CBC/Radio-Canada's online communities (except in
children and youth-oriented communities). Pseudonyms will no longer be
permitted.
By submitting a comment, you accept that CBC has the right to reproduce and
publish that comment in whole or in part, in any manner CBC chooses. Please note
that CBC does not endorse the opinions expressed in comments. Comments on this
story are moderated according to our Submission Guidelines. Comments are welcome
while open. We reserve the right to close comments at any time.
BECOME A CBC MEMBER
Join the conversation Create account
Already have an account?Log in
Newest
Most Liked
1. Oldest
2. Most Liked
3. Most Replies
4. Most Active
5. Editor's Pick
1068 Comments
0
Commenting is now closed for this story.
← Show all comments
Show More
FOOTER LINKS
MY ACCOUNT
* Profile
* CBC Gem
* Newsletters
* About CBC Membership
CONNECT WITH CBC
* Facebook
* Twitter
* YouTube
* Instagram
* Mobile
* RSS
* Podcasts
CONTACT CBC
* Submit Feedback
* Help Centre
Audience Relations, CBC
P.O. Box 500 Station A
Toronto, ON
Canada, M5W 1E6
Toll-free (Canada only):
1-866-306-4636
ABOUT CBC
* Corporate Info
* Sitemap
* Reuse & Permission
* Terms of Use
* Privacy
* Jobs
* Our Unions
* Independent Producers
* Political Ads Registry
* AdChoices
SERVICES
* Ombudsman
* Corrections and Clarifications
* Public Appearances
* Commercial Services
* CBC Shop
* Doing Business with Us
* Renting Facilities
* Radio Canada International
ACCESSIBILITY
It is a priority for CBC to create a website that is accessible to all Canadians
including people with visual, hearing, motor and cognitive challenges.
Closed Captioning and Described Video is available for many CBC shows offered on
CBC Gem.
* About CBC Accessibility
* Accessibility Feedback
*
* ©2022 CBC/Radio-Canada. All rights reserved.
* Visitez Radio-Canada.ca
now
--------------------------------------------------------------------------------
CBC Caffeine Player 17.16.5
INFORMATION ABOUT COOKIES
Please know that cookies are required to operate and enhance our services as
well as for advertising purposes. We value your privacy. If you are not
comfortable with us using this information, please review your settings before
continuing your visit.
Learn moreClose