Unfriend Checker
FDA approves Pfizer boosters for some Tiger King 2 Microsoft's Surface event: Everything announced Surface Duo 2 two-screened phone iPhone 13 Pro and 13 Pro Max review PS5 restock tracker

Apple touts iPhone 13's privacy features, but doesn't address spyware worries

The huge device maker also skipped over its controversial plans to scan user devices for child exploitation images.

data-privacy-security-hackers-hacking-unlock-iphone-0991
James Martin/CNET
This story is part of Apple Event, our full coverage of the latest news from Apple.

Apple says the iPhone 13 features privacy that's "built in from the beginning." It pointed to on-device processing of voice commands and features to block third-party tracking as evidence of that commitment.

The features will come as part of iOS 15, which rolls out on Monday. That means most iPhone users will benefit from the upgrade, not just those shopping for swanky new smartphones.

For example, the new operating system gives Siri on-device speech recognition. That means, Siri voice requests don't leave your iPhone to be processed remotely. Intelligent tracking prevention feature also blocks trackers from profiling you by using your IP address. Email privacy protection also hides your IP address and prevents senders from learning about your mail activity, the company said. 

Now playing: Watch this: Apple reveals iPhone 13
0:55

The Tuesday rollout of flagship devices, however, skipped over two significant issues that raise questions about Apple's privacy practices. The company didn't mention an urgent update to its operating systems that closed an exploit that has already been used to target activists and journalists. Apple also steered clear of its own plans to spy on users by searching iPhones, Macs, iPads for images of child exploitation.

On Monday, Apple released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company. 

The fix stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist's phone had been infected with Pegasus, NSO Group's best-known product. According to Citizen Lab, the zero-day, zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple's image rendering library and was effective against the company's iPhones, laptops and Apple Watches. 

Apple says it's doubtful the exploit posed a danger to most users, noting that any attack would have to be highly sophisticated and cost millions of dollars to develop. As a result, a cybercriminal would probably save it for use against a specific person.

Still, Citizen Lab, which is based at the University of Toronto, expressed concern about potential use of the exploit. It determined NSO used the vulnerability to remotely infect devices with its Pegasus spyware, adding the exploit has likely been in use since February. "We urge readers to immediately update all Apple devices," the group said.

Separately, Apple has faced blowback for a now-postponed feature set that's designed to detect if people have child exploitation images or videos stored on their device. The features were initially intended to be included in iOS 15, iPad OS 15, WatchOS 8 and MacOS Monterey.

The feature converts images into unique bits of code, known as hashes. The hashes are then checked against a database of known child exploitation content that's managed by the National Center for Missing and Exploited Children. If a certain number of matches are found, Apple gets an alert and can then choose to investigate. 

Security experts and digital privacy groups including the Electronic Frontier Foundation, Fight for the Future and Surveillance Technology Oversight Project (STOP), have decried the plan and held protests Monday ahead of the iPhone launch in front of about a dozen Apple stores.

In addition to amounting to corporate surveillance, the groups say the feature would create a backdoor into consumer devices that could be taken advantage of by authoritarian regimes and potentially put lives at risk.

Apple hasn't said when the feature will be released. On Sept. 3, It delayed the rollout to make improvements and address privacy concerns.

Apple's fall launch -- which was virtual again this year because of the COVID-19 pandemic -- tends to be the company's most important of the year. It's when the company announces new iPhones, which represent about half its revenue. Its lineup from 2020, the iPhone 12, offered 5G and the first major design revamp since 2017's iPhone X

CNET's Ian Sherr contributed to this report.