Apple sells millions of iPhones, iPads, and Mac computers around the world, and thanks to that, the company has managed to build up a pretty decently-sized network for its Find My service. For those unfamiliar, Find My is an Apple service that helps you track down lost iPhones, iPads, AirTags, and so on.
It relies on how there are so many Apple devices in existence that when all connected, forms a network of sorts. This network is meant to be used for good, but it seems that it might not be as secure as Apple would have liked. This is according to security researcher Fabian Bräunlein who discovered that the network was exploitable, and using the exploit, managed to send a message through it.
Basically what they did was they leveraged the network to act as a data transfer mechanism, where they uploaded data from non-internet-connected devices to it, which in this case was an emulated AirTag that sent a message in its broadcast. The message was then received by a Mac running a custom app that decoded the message.
At this point, it is unclear how this exploit could be used for malicious purposes. However, it should be noted that the amount of data sent is very small, so maybe more sophisticated attacks might not go through. Either way, it’s something that Apple should probably look into all the same.