Apple’s macOS and iOS systems are often considered more secure than their competitors, but that doesn’t make them invulnerable. The security team recently demonstrated this by showing how hackers can use security systems. Mansana to access your messages, location data and photos, and even to completely wipe your device.
The discovery was published on a blog post by security research firm Trellix and will be of major concern to iOS and macOS users as the vulnerabilities can be exploited in both operating systems. Trellix explains that Apple fixed exploits in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as possible.
Apple protects its systems by requiring apps to be signed by approved developers, sandboxing apps to prevent access to areas they shouldn’t, and almost completely eliminating the ability to dynamically execute arbitrary code. Together, these measures help make macOS and iOS very secure, but clearly not secure enough.
A Trellix blog post explains that the infamous NSO Group cyber intelligence organization in 2021 bypassed some of these defenses using Apple’s NSPredicate system. In short, NSPredicate is one of the few elements of macOS and iOS that can dynamically generate code, which has not been possible before in Apple operating systems. The NSO Group discovered this and used it to create their Pegasus spyware.
This exploit was dubbed FORCEDENTRY and was patched by Apple shortly after its discovery in late 2021. However, Trellix’s work has shown that Apple’s fixes can be easily bypassed, rendering them useless.
In fact, Trellix claims to have discovered a whole class of bugs that can be exploited in this way, giving hackers access to a user’s calendar, address book, photos, camera, microphone, and more. Some bugs can even be used to wipe your device completely.
Trellix passed the details of the exploits to Apple, and they were patched earlier this year. This means you should download the fixes included with macOS 13.2 and iOS 16.3 and later as soon as possible. They also serve as a useful reminder that, despite the company’s reputation for security, no Apple product is immune to attack. Making sure your device is up to date is a great way to keep it safe.
Source: Digital Trends
