This major Apple bug could let hackers steal your photos and wipe your device

By Alex Blake Published February 22, 2023

Apple’s macOS and iOS are often considered to be more secure than their rivals, but that doesn’t make them invulnerable. One security team recently proved that by showing how hackers could exploit Apple’s systems to access your messages, location data, and photos — and even wipe your device entirely.

The discoveries were published on the blog of security research firm Trellix, and will be of major concern to iOS and macOS users alike, since the vulnerabilities can be exploited on both operating systems. Trellix explains that Apple patched the exploits in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as you can.

A physical lock placed on a keyboard to represent a locked keyboard. — piranka / Getty Images

Apple protects its systems by requiring apps to be signed by approved developers, by sandboxing apps to prevent them from accessing areas they should not, and by almost entirely removing the ability to dynamically run arbitrary code. Combined, those measures help macOS and iOS become highly secure — but apparently not secure enough.

Recommended Videos

Trellix’s blog post explains that the infamous cyberintelligence organization NSO Group bypassed some of these protections in 2021 by exploiting Apple’s NSPredicate system. In short, NSPredicate is one of the few elements of macOS and iOS that can dynamically generate code — something that was thought to be absent from Apple’s operating systems. NSO Group discovered this and used it to craft its Pegasus spyware.

This exploit was dubbed FORCEDENTRY, and Apple patched it shortly after its discovery in late 2021. Trellix’s work, however, has shown that Apple’s patches can be easily bypassed, rendering them useless.

In fact, Trellix claims it has found an entire class of bugs that can be exploited this way, granting hackers access to a user’s calendar, address book, photos, camera, microphone, and more. Some bugs could even be used to wipe your device in its entirety.

Trellix passed on the details of the exploits it discovered to Apple, and they were patched earlier this year. That means you should download the fixes — contained in macOS 13.2 and iOS 16.3 and later versions — as soon as you can. These exploits also serve as a helpful reminder that, despite the company’s reputation for strong security, no Apple product is invulnerable to attack. Ensuring your device is up to date is a great way to keep it safe.

Topics

Computing Writer

Alex Blake has been working with Digital Trends since 2019, where he spends most of his time writing about Mac computers…

Mobile

This strange iOS bug can crash your iPhone in seconds

The App Library on the iPhone 14 Plus

Bored? Swipe all the way over to the App Library on your iPhone and type "":: in the search bar. Congratulations! You've just crashed your iPhone. But don't worry — it's not permanent or serious, according to security researchers.

Mastodon user Konstantin found that typing those four characters into the search bar will crash SpringBoard, the app responsible for the iPhone home screen. All it does is throw the phone into a loop for a moment before returning you to your lock screen. It doesn't close any apps or cause any other issues; if anything, it's just a reset. I tested it on my device and found nothing out of the ordinary.

Mobile

Apple just released another iOS 18 beta, and it could be an important one

An iPhone 15 Pro Max running iOS 18, showing its home screen.

There are only a few more weeks left until Apple is expected to reveal the iPhone 16 lineup and the public release of iOS 18. Apple has just released the seventh developer beta for iOS 18, and according to Bloomberg's Mark Gurman, it could be the last beta before the big launch next month.

The latest iOS 18 developer beta has the build number 22A5346a. It’s unclear exactly what is new with the build, as it just rolled out. The previous iOS 18 beta 6 had some changes, like a new Control Center toggle, significant tweaks to the Photos app, Dark Mode and tinting improvements, and more.

Computing

You can finally try out Apple Intelligence on your Mac. Here’s how

macOS Sequoia being introduced by Apple's Craig Federighi at the Worldwide Developers Conference (WWDC) 2024.

The second developer beta of macOS Sequoia is open for business and it includes Apple Intelligence features. It looks like anyone can try it out as long as you're not in China. That includes people in the EU -- even though the AI features might not launch there right away. The features available for testing include Writing Tools, Siri, Safari and Mail summaries, Smart Replies, Memory Movies, transcription features, Reduce Interruptions Focus Mode, and a few more. If you want to have a look yourself, here's everything you need to do to download the beta and activate Apple Intelligence.

Before you start, make sure you've backed up your Mac with Time Machine so you can restore the previous version if anything goes wrong. You can also use a secondary device if you have another Apple silicon Mac lying around because beta versions can go wrong and you have to download them at your own risk.