A major security vulnerability in Apple’s iPhone, iPad and Mac processors was exposed this week by the cyber research team at Israeli cybersecurity company Imperva. The flaw reportedly impacted over a billion users worldwide, including many in Israel.
According to Imperva's researchers, the vulnerability allowed attackers to "freeze" devices for several minutes by opening a malicious link. In some cases, the attack could occur without the user even clicking the link. Researchers also demonstrated scenarios where the malicious message led to a complete freeze of the infected device.
The flaw affected all devices powered by Apple’s M and A series processors, ranging from iPhones and iPads to Mac computers. It was caused by a loophole in the drivers for the graphics processing unit (GPU), enabling malicious code to run through WebGL. This overload on the GPU resulted in system crashes or temporary freezes.
After the vulnerability was uncovered, Apple released a security update (CVE-2023-40441) that addressed the issue by improving input validation in the device drivers. The update was rolled out in iOS 17, iPadOS 17 and macOS Sonoma. Both Apple and the researchers confirmed that no cases of exploitation had been recorded.
"This flaw highlights the tension between functionality and security," said Ron Masas, a vulnerability researcher at Imperva. "As we grant developers deeper access to the GPU, they can create amazing experiences like running language models directly in the browser or advanced gaming, but at the same time, we expose users to new risks. The real challenge is allowing this progress while maintaining the necessary protection against misuse."
Get the Ynetnews app on your smartphone: