Apple’s latest security flaw could lead hackers to attack Apple devices, according to security researchers who say the flaw could be used to steal data.
The Apple bug, dubbed “A9” by researchers, could allow an attacker to remotely execute code on an affected device by sending it commands to a remote process or executing malicious code.
The bug has been in the wild for several weeks, and a team of security researchers from the University of Ottawa has already found an exploit that can be used on Apple devices with an Apple SIM card and SIM card reader.
The team said the exploit uses a “brutality and costly” attack that is used to “access the firmware, inject code and then execute code”.
“We found that this attack works on an iPhone 5c and 5s that were shipped from late 2013 through early 2015,” researcher John-Patrick Wysocki wrote on a blog post.
“This is the first known vulnerability in Apple’s device family that allows this attack.”
Apple’s iOS software has a patch in place that should prevent the flaw from being exploited, but it’s unclear if the company has released it to all of its users.
Apple did not immediately respond to a request for comment from CBC News.
The researchers said that the attack would only be possible on the iPhone 5s, which has a built-in SIM card slot, and it’s possible the same flaw could also be used in the iPad Air, which also has an SIM card.
Apple said it has already fixed the bug, which it said could have been introduced as early as 2013.