Apple has recently announced that a new class of vulnerabilities exists in their products, which could allow attackers to bypass security protections and access users’ sensitive data. The announcement comes as Apple is currently facing criticism from security researchers for not releasing a software update that addresses these vulnerabilities sooner.
Given that Trellix has warned that the privilege escalation vulnerabilities affecting both iPhones and Macs could allow malicious apps to escape their protective “sandbox” and access sensitive information on someone’s device, it is incumbent upon users to take immediate action in order to mitigate potential risks. Given the widespread availability of these types of apps, it is important for everyone to keep up with software updates in order to keep their devices as safe as possible.
Trellix believes that Apple’s mitigations are not sufficient to prevent similar attacks, and has recommended further measures be put in place. These measures could include updated security software on users’ devices, as well as herding users into using approved services.
Following the ForcedEntry bug, Apple tightened restrictions on NSPredicate, a tool that allows developers to filter code, through a protocol called NSPredicateVisitor. The tightened restrictions have left many developers rocking the boat. Nearly every implementation of NSPredicateVisitor “could be bypassed,” according to Trellix Software, leaving devs vulnerable to new bugs.
Overall, Trellix believes that iOS and macOS are not inherently more secure than other operating systems. However, the company does note that these vulnerabilities have not been actively exploited and recommends cautious use of these platforms.
The Trellix security team has discovered vulnerabilities in Apple products that could easily allow an attacker with low-privileged code execution on macOS or iOS to gain much higher privileges. These bugs essentially allow an attacker to take complete control of a device without any further effort, potentially exposing sensitive data and opening the device up to attack vectors.
The macOS and iOS updates released in January were patchable by Trellix, but Apple released updated security support documents on Tuesday to reflect the release of the new patches. The vulnerabilities that Trellix found in its software updates have now been patched, but it is likely that other security holes remain in these updates. Apple customers are advised to update their software as soon as possible to protect themselves from potential vulnerabilities.
The Guardian app was found to have multiple vulnerabilities that could be exploited by malicious actors. These vulnerabilities could allow attackers to gain access to sensitive information or execute arbitrary code on users’ devices. Although the average user cannot do much about these threats, they should remain vigilant about installing security updates and staying educated about the latest security trends.
While the vulnerabilities could be significant, in the absence of exploits they may not pose a threat. More information is needed to determine how big this attack surface is and whether any exploits exist to take advantage of it.
Some experts say that Apple’s code-signing measures were never intended to be a silver bullet or a lone solution for protecting device data. Instead, they say layered defenses are critical to maintaining good security posture. Michael Covington, JAMF’s chief technical officer, said this in a statement issued after research found vulnerabilities in Apple’s code-signing measures. These vulnerabilities show how important it is to have multiple layers of security in place when operating devices.
Apple seems to be quietly ignoring a growing number of customer complaints about slowdowns, crashes, and freezes on their devices. Many customers are reporting that the issues are getting worse instead of better and Apple has yet to offer a solution.