-: FOLLOW US :- @theinsaneapp
Security researchers have found a new class of vulnerabilities in iOS and macOS that could allow attackers to bypass Apple's security protections and access users' sensitive data.
-: FOLLOW US :- @theinsaneapp
The vulnerabilities, which Trellix warned range from medium to high severity, could allow malicious apps to escape their protective "sandbox" and access sensitive information on someone's device, including messages, location data, call history, and photos.
-: FOLLOW US :- @theinsaneapp
The bugs involve NSPredicate, a tool that allows developers to filter code, around which Apple tightened restrictions following the ForcedEntry bug through a protocol called NSPredicateVisitor, but nearly every implementation of NSPredicateVisitor "could be bypassed."
-: FOLLOW US :- @theinsaneapp
Trellix's research shows that iOS and macOS are "not inherently more secure" than other operating systems.
-: FOLLOW US :- @theinsaneapp
Apple patched the vulnerabilities in its macOS 13.2 and iOS 16.3 software updates, released in January.
-: FOLLOW US :- @theinsaneapp
The vulnerabilities were described as "pretty clever," but there is little the average user can do about these threats besides staying vigilant about installing security updates.
-: FOLLOW US :- @theinsaneapp
More details are needed to determine how big this attack surface is, and whether these vulnerabilities have been actively exploited.
-: FOLLOW US :- @theinsaneapp
Apple's code-signing measures were "never intended to be a silver bullet or a lone solution" for protecting device data.
-: FOLLOW US :- @theinsaneapp
The vulnerabilities show how layered defenses are critical to maintaining good security posture.
-: FOLLOW US :- @theinsaneapp
The importance of regularly installing security updates and keeping up with the latest security research is highlighted by this new class of vulnerabilities.