



For years, Apple has strengthened its iPhone and Mac security systems. However, no company is immune to such problems. An investigation has uncovered a new class of bugs that may affect Apple’s iPhone and Mac operating systems. If exploited, the bugs could let an attacker wipe out your messages, photos, and call history.

Researchers at the security firm Trellix’s Advanced Research Center today published details of a bug that allows criminal hackers to bypass Apple’s security protections and execute their own malicious code. The team said the security flaws they found were rated medium to high severity and bypassed protections Apple put in place to protect its users.

The key here is that the vulnerability breaks Apple’s security model at a fundamental level, said Doug McKee, Director of Vulnerability Research at Trellix. McKee says finding a new bug class means researchers and Apple may be able to find more similar bugs and improve overall security protections. Apple has fixed the bug the team found, and there is no evidence that it has been exploited.

The Trellix findings build on previous research by Google and the Citizen Lab, a research facility at the University of Toronto. In 2021, the two organizations discovered ForcedEntry, a zero-click, zero-day iOS exploit linked to Israeli spyware maker NSO Group. (The highly sophisticated exploit was discovered on a Saudi activist’s iPhone and used to install NSO’s Pegasus malware.)

Analysis of ForcedEntry showed that it involved two important parts. The first tricked the iPhone into opening a malicious PDF disguised as a GIF. The second allowed the attacker to escape Apple’s sandbox, which prevents apps from accessing data stored by other apps or accessing other parts of the device. The Trellix research, by senior vulnerability researcher Austin Emmitt, focused on that second part and ultimately used the flaws he found to bypass the sandbox.

Specifically, Emmitt discovered a series of vulnerabilities related to NSPredicate, a tool that can filter code in Apple’s systems. NSPredicate was first exploited in ForcedEntry. As a result of that 2021 research, Apple introduced new ways to stop exploits, but they don’t seem to be enough. In a blog post outlining the details of its research, Trellix reports that these new mitigations could be bypassed.

McKee explained that the bug within this new NSPredicate class was present in multiple places on macOS and iOS, including within Springboard, the app that manages the iPhone’s home screen and allows access to location data, photos, and the camera. Exploiting the bug gives attackers access to areas that should be closed off. A proof-of-concept video published by Trellix shows how the vulnerability can be exploited.

A new class of bugs brings a lens to areas that were previously unexplored because people didn’t know they existed, says McKee. That is especially so against the backdrop of ForcedEntry, because someone at that level of sophistication has already taken advantage of bugs in this class.

Importantly, attackers looking to exploit these bugs need an initial foothold on someone’s device. They would have to find a way in before they could abuse the NSPredicate system. (The existence of a vulnerability does not mean that it has been exploited.)

Apple patched the NSPredicate vulnerabilities discovered by Trellix in the macOS 13.2 and iOS 16.3 software updates released in January. Apple has also issued CVEs for the discovered vulnerabilities: CVE-2023-23530 and CVE-2023-23531. Apple has also released new versions of macOS and iOS to address these vulnerabilities. These included security fixes for bugs being exploited on people’s devices. Be sure to update your iPhone, iPad, and Mac whenever new versions of the operating system become available.

