Security researchers warn of a new class of Apple bugs

Security researchers say they have discovered a “new class” of vulnerabilities in iOS and macOS that could allow attackers to bypass Apple’s security protections and gain access to sensitive user data.

Trellix’s Advanced Research Center released details of a privilege escalation vulnerability this week. This means that it allows someone to gain high-level access to systems that affect both iPhones and Macs. Trellix notes that a class of bugs ranging in severity from medium to high, if left unpatched, could allow malicious apps to evade the protected “sandbox” and expose sensitive information on someone’s device. (messages, location data, call history, etc.) , and photos.

Trellix’s findings follow earlier research by Google and Citizen Lab in 2021, which uncovered a new zero-day exploit called ForcedEntry. The exploit was used by Israeli spyware maker NSO Group to remotely and covertly hack iPhones at the behest of government customers. Apple has since made its devices more secure by adding a new code-signing mitigation that cryptographically verifies that the device’s software is trusted and has not been modified to thwart exploit exploits. .

But Trellix said this week that the mitigations introduced by Apple are insufficient to prevent similar attacks.

In a blog post, Trellix said the new bugs include: NS Predicate, A tool that allows developers to filter their code. Following the ForcedEntry bug, Apple tightened the limit through a protocol called Code. NSPredicateVisitorBut Trellix is ​​a NSPredicateVisitor “It may be bypassed.”

Although Trellix has not seen evidence to suggest that these vulnerabilities have been actively exploited, the cybersecurity firm Trellix told TechCrunch that iOS and macOS are “intrinsically more vulnerable than other operating systems. It is not safe,” he said in a survey.

Doug McKee, Director of Vulnerability Research at Trellix, said: Improper access to sensitive data just got easier. “These bugs essentially allow attackers who run code with low privileges, basic functionality on macOS and iOS, to gain much higher privileges.”

Apple has patched the vulnerabilities Trellix found in the macOS 13.2 and iOS 16.3 software updates released in January. Apple’s security support documentation was also updated on Tuesday to reflect the new patch release.

Will Strafach, a security researcher and founder of the Guardian Firewall app, described the vulnerability as “very clever,” but said, “Besides paying attention to installing security updates, there are other ways to prevent these threats. There is little the average user can do,” he warned.

Wojciech Reguła, a security researcher for iOS and macOS, told TechCrunch that while the vulnerability could be significant, details are needed to determine how large the attack surface is in the absence of exploits. He said there is

Jamf’s Michael Covington said Apple’s code-signing measures were “never intended to be a silver bullet or the only solution” for protecting device data. “While the vulnerabilities are notable, they show how important defense in depth is to maintaining a good security posture,” he said.

When contacted, Apple did not provide off-the-record comment.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *