Security researchers claim they have discovered a “new class” of vulnerabilities that allow hackers to circumvent Apple’s security measures on iOS and macOS and gain access to users’ sensitive information.
The Trellix Advanced Research Center published details this week about privilege escalation flaws, which allow users to gain an elevated level of access to the system, affecting both iPhones and Macs. Trellix cautioned that the category of vulnerabilities, which range from moderate to extreme, could, if left unaddressed, permit malicious apps to escape their “sandbox” and access sensitive data about a device’s owner, such as the user’s messages, location information, call history and even photos.
Trellix’s findings build on earlier research by Google and Citizen Lab, which in 2021 found a new zero-day exploit known as ForcedEntry that was used by Israeli spyware maker NSO Group to remotely and secretly hack into iPhones on behalf of its government clients. Apple has since strengthened its device security protections by introducing new code-signing mitigations, which digitally confirm that the application on the device is secure and hasn’t been altered, to prevent misuse of the vulnerability.
However, Trellix said this week that the security measures implemented by Apple are not sufficient to protect against similar attacks.
In a blog post, Trellix said the new issues are related to NSPredicate, a tool that lets developers filter code, around which Apple tightened restrictions in the wake of the ForcedEntry bug via a protocol called NSPredicateVisitor. However, Trellix claimed that virtually all implementations of NSPredicateVisitor “could be bypassed.”
Although Trellix has not seen any evidence to suggest these vulnerabilities are being actively exploited, the security firm tells TechCrunch that its research shows that iOS and macOS are “not inherently more secure” than other operating systems.
“The vulnerabilities uncovered by our team this week have fundamentally broken their security model,” said Doug McKee, director of Vulnerability Research at Trellix, noting that the vulnerabilities could theoretically have exposed vulnerable Apple devices to a vast variety of attack vectors and made it easier for hackers to gain access to sensitive information. “These bugs essentially allow an attacker that has achieved low privileged code execution, i.e., basic functions on macOS or iOS, to gain much higher privileges.”
Apple patched the vulnerabilities Trellix discovered in its macOS 13.2 and iOS 16.3 software updates, which were released in January. Apple’s security documentation was updated on Tuesday of last week to reflect the release of the patches.
Will Strafach, a security researcher and co-founder of the Guardian firewall application, said the vulnerabilities are “pretty clever,” but cautioned that there is nothing a user can do to mitigate these risks “besides staying vigilant about installing security updates.”
And iOS and macOS security researcher Wojciech Regula told TechCrunch that the vulnerabilities could be serious, but that in the absence of exploits, more information is required to assess how large the attack surface is.
Jamf’s Michael Covington said that Apple’s code-signing security measures were “never intended to be a silver bullet or a lone solution” to safeguard the data on devices. “The vulnerabilities, though noteworthy, show how layered defenses are so critical to maintaining good security posture,” Covington said.