Published on 6/23/2026
Some users believe that Apple phones and devices are immune to cyberattacks and cannot be targeted or hacked, but recent developments in the world of cybersecurity confirm the opposite, and reveal vulnerabilities that can be used to penetrate the company’s devices.
These vulnerabilities begin with a cybersecurity company called Paradigm Shift revealing the existence of a vulnerability in the Apple chips used in some old iPhone models, according to a report published yesterday, Monday, by the American technical website TechCrunch.
This vulnerability helps to penetrate the phone’s operating system, remove restrictions imposed by the company, whatever they may be, and access the data contained therein. Paradigm Shift called this vulnerability “USBliter8”, as the vulnerability hides in the main boot code of the device.
The vulnerability directly affects iPhones that come with A12 and A13 processors that Apple introduced in 2018 and 2019, and therefore affects iPhone XS and iPhone 11 devices, according to the report.
But exploiting this vulnerability requires direct access to the phone, in addition to the cost of exploiting it through specialized spyware.
If this vulnerability only threatens specific targets, there are other risks that directly threaten and affect the average user, including the attack known as “Apple Urgent Alert,” as revealed by a report by the American technical website “Digital Trends” last Saturday.
Fraud targeting the user
The phishing attack, known as the “Apple Flash Alert,” relies on the attacker posing as an Apple technical support employee to convince the victim that his phone has been hacked.
This type of attack previously targeted various Microsoft devices, as the attackers were disguised as technical support employees from the company’s teams.
The attack begins by receiving a fake warning urging the user to click on one of the malicious links that appear on the Internet page or while using an application.
The user may receive the alert via his email or also a phone call enhanced by artificial intelligence from a person claiming to be an Apple technical support person.
Then the attacker tries to persuade the victim to enter the password for his iCloud account in order to steal data and enter the user’s Apple account, which is the account that usually includes the user’s direct contact information, payment cards, photos, messages, and contacts.
The Digital Trends report reveals that some attackers tend to buy gift cards for various stores that give the attacker a balance in his Apple account through the victim’s account.
How can a fake message be detected?
Attackers try to make the messages that reach users very similar to the original Apple messages, but in the end there are some signs that indicate to the user that these messages are fake, according to a report by the American technical website “Fast Company”.
The user must first look at the link from which the alert message arrived, even if it looks like traditional system alert messages; In this case, the user closes any applications or web pages and waits for the message to appear again. If it appears, this means that it is most likely a real message.
Signs that the message is fake also include the email addresses from which it is sent, as it will not end in the official Apple domain, no matter how similar the fake domain is, and the difference can be discovered by checking the domain.
In addition, the user can detect fake messages by looking for misspellings and poor grammar used in the message.
