Apple Receives Warnings of a New Class of Security Bugs in macOS and iOS

Security researchers have unveiled a new class of bugs that could let cyber attackers bypass Apple’s security protections to access users’ data on iOS and macOS. 

A report by Trellix's Advanced Research Center details the privilege escalation vulnerabilities. It indicates that these bugs allow attackers to gain a higher level of access to the system, affecting Macs and iPhones.

The new class of vulnerabilities discovered by Trellix ranges from medium to high severity. It could allow malicious apps to evade protective measures and access sensitive data on someone’s device, such as a person’s location, call history, photos, and messages, especially if left unpatched.

Interestingly, Trellix's work follows similar findings by Citizen Lab and Google, which in 2021 discovered a new zero-day exploit dubbed ForcedEntry. NSO Group, an Israeli spyware maker, abused it to remotely and covertly hack into iPhones at the request of its government customers.

According to the tech blog JustReviewed, Apple subsequently strengthened its device security protections by adding new code-signing mitigations. These are designed to cryptographically verify that a device's software is trusted and has not been modified, and to stop exploitation of the bug. According to Trellix, the mitigations Apple put in place are not sufficient to prevent further similar attacks.

Trellix Researchers Warn of the Bugs

Trellix wrote in a blog post that the new vulnerabilities involve NSPredicate, a tool that lets developers filter code. Following the ForcedEntry bug, Apple tightened restrictions around this tool using a protocol called NSPredicateVisitor. However, Trellix believes that developers could bypass almost every implementation of NSPredicateVisitor.

Trellix did not show evidence suggesting that these bugs are being actively exploited. But the cybersecurity company's research shows iOS and macOS are inherently more insecure than other operating systems.

Doug McKee, Director of Vulnerability Research at Trellix, says the company's team uncovered the vulnerabilities this week. These bugs have fundamentally broken Apple's security model. Theoretically, they could expose affected Apple devices to numerous attack vectors and make unauthorized access to sensitive data easier.

According to McKee, these vulnerabilities enable attackers who have achieved low-privileged code execution, such as basic functionality on iOS or macOS, to gain higher privileges. Apple fixed the bugs found by Trellix in its iOS 16.3 and macOS 13.2 software updates. The tech giant also updated its security support documents on Tuesday to reflect the release of the new patches.

Clever Vulnerabilities

Will Strafach, a security researcher and founder of the Guardian firewall app, says these bugs are pretty clever, and that an average user cannot do much about them other than taking care to install security updates.

On the other hand, Wojciech Regula, the security researcher for iOS and macOS at Apple, says these bugs could be significant, but in the absence of exploits, more details are needed to determine the size of the attack surface.

Apple took code-signing measures to deal with such a situation, though they were never a silver bullet to protect device data, said Michael Covington of Jamf. While these vulnerabilities are noteworthy, they demonstrate the importance of layered defenses to maintain a proper security posture.
