Apple Hardens iOS 26.4, macOS 26.4 After 76% Apple Intelligence Prompt-Injection Success Rate
Updated
Updated · Fox News · Jun 7
Apple Hardens iOS 26.4, macOS 26.4 After 76% Apple Intelligence Prompt-Injection Success Rate
1 articles · Updated · Fox News · Jun 7
Summary
RSAC Research said Apple strengthened Apple Intelligence defenses in iOS 26.4 and macOS 26.4 after disclosing a prompt-injection flaw to the company on Oct. 15, 2025.
In 100 tests, researchers achieved a 76% success rate against Apple’s on-device model using adversarial prompts and Unicode right-to-left override tricks to slip instructions past safeguards.
The risk is notable because Apple Intelligence can summarize, rewrite and interact with apps through system tools, meaning manipulated outputs could affect app behavior or sensitive data handling.
RSAC said it found no public evidence of active exploitation, but estimated 100,000 to 1 million users may already use apps with potential exposure.
The findings undercut the idea that on-device AI is inherently safer: local processing limits data leaving the phone, but deeper system access expands the attack surface and raises the value of rapid updates.
Apple's on-device AI promised ultimate privacy. Can we ever truly trust AI with our most personal data after this?
When AI can find flaws faster than humans can patch them, are we already losing the cybersecurity arms race?
Apple Intelligence Prompt Injection Exposed: 2026 Attack Details, Patch Response, and Future AI Security Risks
Overview
In early 2026, RSAC Research revealed a major prompt injection vulnerability in Apple Intelligence after disclosing the issue to Apple in October 2025. Because Apple Intelligence is deeply integrated with system-level tools, attackers could manipulate responses to directly influence app behavior and potentially control data or functions within any enabled application. This raised concerns about the AI being coerced into generating offensive or unintended content. In response, Apple acted quickly, implementing robust protections to harden affected systems and address the critical security flaw, highlighting the ongoing challenges of securing advanced, integrated AI technologies.