Apple’s macOS and iOS are often seen as more secure than their competitors, but that doesn’t make them vulnerable. One security team recently proved that by showing how hackers can exploit Apple systems to gain access to your messages, location data, photos, and even wipe your entire device.
The discoveries were published on the blog by security research firm Trellix and will be of great concern to iOS and macOS users alike, as vulnerabilities in both operating systems can be exploited. Trellix states that Apple patched the vulnerabilities in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as possible.
Apple protects its systems by requiring authorized developers to sign apps, by sandboxing apps to prevent them from accessing areas they shouldn’t, and by almost completely removing the ability to dynamically run arbitrary code. Combined, these measures help macOS and iOS become too secure — but they seem not secure enough.
Trellix’s blog post explains that the popular cyber-intelligence organization NSO Group bypassed some of these protections in 2021 by exploiting Apple’s NSPredicate system. In short, NSPredicate is one of the few components in macOS and iOS that can generate an icon dynamically – something that was thought to be absent from Apple’s operating systems. The NSO Group discovered this and used it to make their Pegasus spyware.
Dubbed FORCEDENTRY, the exploit was patched by Apple shortly after its discovery in late 2021. However, Trellix’s work has shown that Apple’s patches can easily be bypassed, rendering them useless.
In fact, Trellix claims to have found an entire class of bugs that could be exploited in this way, giving hackers access to a user’s calendar, address book, photos, camera, microphone, and more. Some errors can be used to completely wipe your device.
Trellix passed details of the vulnerabilities it discovered to Apple, and they were patched earlier this year. This means you should download the fixes — found in macOS 13.2 and iOS 16.3 and later — as soon as possible. They also serve as a helpful reminder that despite the company’s reputation for robust security, no Apple product is vulnerable to attack. Making sure your device is up to date is a great way to keep it secure.
Leave a Reply