A new type of bug that could compromise the security systems of Apple’s iPhones and Macs has been discovered by researchers at Trellix’s Advanced Research Center. Although Apple has a reputation for hardening its security systems, this newly found bug, which allows an attacker to take control of the device and access sensitive information, could break Apple’s security model. According to the director of vulnerability research at Trellix, Doug McKee, this bug class would enable researchers and Apple to potentially identify and improve security measures.
Although Apple has already fixed the bugs, researchers from Trellix say that these bugs, ranked as medium to high severity, bypass the security measures that Apple has put in place to protect users. The findings of Trellix’s research add to previous work by Citizen Lab and Google on ForcedEntry, a zero-day iOS exploit that was found on the iPhone of a Saudi activist and linked to the NSO Group, an Israeli spyware maker.
ForcedEntry involved two parts: the first tricked the iPhone into opening a malicious PDF disguised as a GIF, while the second part allowed attackers to escape Apple’s sandbox. Trellix’s research, led by senior vulnerability researcher Austin Emmitt, focuses on the second part, ultimately using the flaws found to bypass the sandbox.
Emmitt discovered a class of vulnerabilities related to NSPredicate, which is used for code filtering in Apple’s systems. This tool was abused in ForcedEntry, leading to the introduction of new mitigations in 2021.
However, Trellix’s research revealed that these mitigations could be bypassed, and bugs in this new class of NSPredicate vulnerabilities were found in multiple places across macOS and iOS, including within SpringBoard. Exploiting these bugs could allow an attacker to access closed-off areas, such as location data and photos.
Apple has released software updates and issued CVEs for the vulnerabilities found by Trellix. While an initial foothold into someone’s device would be required to exploit these bugs, it is important to update your devices whenever new operating system versions become available.
According to McKee, the discovery of this new class of bugs sheds light on an area that was previously overlooked, and highlights the sophistication of those exploiting these vulnerabilities.
Author: Matt Burgess