New iOS and macOS Bug Discovered by Trellix Researchers

Trellix researchers have discovered a new class of bugs that could affect Apple’s iPhone and Mac operating systems. If exploited, these bugs could allow an attacker to access users’ messages, photos, and call history. The flaws bypass security protections Apple had put in place, and researchers rank them as medium to high severity.

The bugs revolve around NSPredicate, a tool that can filter code within Apple’s systems. NSPredicate was first abused in ForcedEntry, a zero-click, zero-day iOS exploit discovered by Google and Citizen Lab in 2021. Trellix’s research focuses on the second part of ForcedEntry, which allowed attackers to escape Apple’s sandbox.

Apple has fixed the bugs in its macOS 13.2 and iOS 16.3 software updates, which were released in January. The company has also issued CVEs for the vulnerabilities that were discovered: CVE-2023-23530 and CVE-2023-23531. Since Apple addressed these vulnerabilities, it has also released newer versions of macOS and iOS.

It is crucial for users to update their iPhone, iPad, and Mac each time a new version of the operating system becomes available to ensure that they are protected from these vulnerabilities.

Source: WIRED
