Security researchers tricked Apple Intelligence into cursing
Security researchers at RSAC demonstrated a prompt injection attack against Apple Intelligence, the on-device LLM used across iPhones, iPads, and Macs. Using a technique called Neural Exec combined with a Unicode right-to-left override trick, they bypassed Apple's input/output filters and safety guardrails with a 76% success rate across 100 test prompts. While the demo only forced the model to curse at users, the researchers confirmed the same method could be used to silently create or modify contacts, potentially enabling social engineering attacks. Apple was notified in October 2025 and patched the issue in iOS/macOS 26.4, though prompt injection as a broader class of vulnerability remains an ongoing challenge.
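A defensive check related to the Unicode right-to-left override trick mentioned above, as an added example that is not from the researchers or Apple: it flags bidirectional control characters in untrusted text and gives downstream filters a copy with them removed. The function names, the verdict policy and the sample strings are assumptions made for illustration.

```python
import unicodedata

# Unicode bidirectional control characters (embeddings, overrides, isolates, marks).
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f", "\u061c",                      # LRM, RLM, ALM
}
# Overrides force a display order regardless of the characters' own direction.
OVERRIDES = {"\u202d", "\u202e"}


def find_bidi_controls(text):
    """Return (offset, 'U+XXXX', Unicode name) for every bidi control in text."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(text) if ch in BIDI_CONTROLS]


def screen_untrusted_text(text):
    """Screen text before it reaches a content filter or a model prompt.

    Assumed policy (illustrative): an override blocks the input, any other
    bidi control sends it to review, and filters match on the cleaned copy.
    """
    findings = find_bidi_controls(text)
    has_override = any(text[i] in OVERRIDES for i, _, _ in findings)
    cleaned = "".join(ch for ch in text if ch not in BIDI_CONTROLS)
    verdict = "block" if has_override else ("review" if findings else "allow")
    return {"verdict": verdict, "findings": findings, "cleaned": cleaned}


# Constructed sample inputs (not taken from the research).
SAMPLES = [
    "Meeting moved to 3pm, see you there.",
    "Invoice \u202e0202 rebotcO\u202c attached",  # RLO ... PDF around reversed text
    "Name: \u200f\u05d0\u05d1\u05d2",              # RLM beside Hebrew, often legitimate
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = screen_untrusted_text(sample)
        print(result["verdict"], [f[1] for f in result["findings"]],
              repr(result["cleaned"]))
```

Stripping the controls shows a filter the stored character order rather than the rendered one, so any keyword or classifier check should run on both the raw and the cleaned text.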