Overview
- RSAC researchers disclosed Thursday a method that beat Apple Intelligence’s on‑device safety checks, logging a 76% success rate across 100 randomized tests.
- The team paired Neural Exec, which auto‑generates trigger phrases that override model instructions, with a Unicode right‑to‑left override that hid harmful text by writing it backward.
- The attack slipped past input and output filters and then forced the local model to follow attacker instructions, which can affect app behavior and personal data through system APIs.
- RSAC reported the issue to Apple on October 15, 2025, and says Apple later hardened protections in iOS 26.4 and macOS 26.4, with no evidence of real‑world abuse as of publication.
- Researchers estimate at least 200 million compatible devices and between 100,000 and 1 million users of potentially exposed apps, highlighting wider risk as prompt injection continues to evolve.