This story is part of , our full coverage of the latest news from Apple.
Apple says the iPhone 13 features privacy that’s “built in from the beginning.” It pointed to on-device processing of voice commands and features to block third-party tracking as evidence of that commitment.
For example, the new operating system gives Siri on-device speech recognition. That means, Siri voice requests don’t leave your iPhone to be processed remotely. Intelligent tracking prevention feature also blocks trackers from profiling you by using your IP address. Email privacy protection also hides your IP address and prevents senders from learning about your mail activity, the company said.
The Tuesday rollout of flagship devices, however, skipped over two significant issues that raise questions about Apple’s privacy practices. The company didn’t mention an urgent update to its operating systems that closed an exploit that has already been used to target activists and journalists. Apple also steered clear of its own plans to spy on users by searching iPhones, Macs, iPads for images of child exploitation.
On Monday, Apple released security updates for its iPhone, iPad, Apple Watch and Mac computers that close a vulnerability reportedly exploited by invasive spyware built by NSO Group, an Israeli security company.
The fix stems from research done by The Citizen Lab, a public interest cybersecurity group that found a Saudi activist’s phone had been infected with Pegasus, NSO Group’s best-known product. According to Citizen Lab, the zero-day, zero-click exploit against iMessage, which it nicknamed ForcedEntry, targets Apple’s image rendering library and was effective against the company’s iPhones, laptops and Apple Watches.
Apple says it’s doubtful the exploit posed a danger to most users, noting that any attack would have to be highly sophisticated and cost millions of dollars to develop. As a result, a cybercriminal would probably save it for use against a specific person.
Still, Citizen Lab, which is based at the University of Toronto, expressed concern about potential use of the exploit. It determined NSO used the vulnerability to remotely infect devices with its Pegasus spyware, adding the exploit has likely been in use since February. “We urge readers to immediately update all Apple devices,” the group said.
Separately, Apple has faced blowback for a now-postponed feature set that’s designed to detect if people have child exploitation images or videos stored on their device. The features were initially intended to be included in iOS 15, iPad OS 15, WatchOS 8 and MacOS Monterey.
The feature converts images into unique bits of code, known as hashes. The hashes are then checked against a database of known child exploitation content that’s managed by the National Center for Missing and Exploited Children. If a certain number of matches are found, Apple gets an alert and can then choose to investigate.
Security experts and digital privacy groups including the Electronic Frontier Foundation, Fight for the Future and Surveillance Technology Oversight Project (STOP), have decried the plan and held protests Monday ahead of the iPhone launch in front of about a dozen Apple stores.
In addition to amounting to corporate surveillance, the groups say the feature would create a backdoor into consumer devices that could be taken advantage of by authoritarian regimes and potentially put lives at risk.
Apple hasn’t said when the feature will be released. On Sept. 3, It delayed the rollout to make improvements and address privacy concerns.
Apple’s fall launch — which was virtual again this year because of the COVID-19 pandemic — tends to be the company’s most important of the year. It’s when the company announces new iPhones, which represent about half its revenue. Its lineup from 2020, the iPhone 12, offered 5G and the first major design revamp since 2017’s iPhone X.
CNET’s Ian Sherr contributed to this report.