Communications of the ACM

Home/News/Researchers Find New Bug 'Class' in Apple Devices/Full Text

ACM TechNews

Researchers Find New Bug 'Class' in Apple Devices

By Computer Weekly
February 27, 2023
Comments

View as: Print Mobile App Share:

Artist's conception of a computer bug. — Trellix says its Advanced Research Center vulnerability team discovered bugs in iOS and macOS that bypass the strengthened code-signing mitigations put in place by Apple to stop the ForcedEntry exploit.

Credit: freshidea/stock.adobe.com

Researchers at cybersecurity company Trellix say they have discovered a new class of privilege escalation vulnerability in Apple devices, rooted in Israeli spyware maker NSO Group's ForcedEntry exploit.

ForcedEntry enabled NSO's government clients to monitor activists, journalists, and political adversaries; Trellix claims iOS and macOS contain bugs that circumvent the upgraded code-signing mitigations Apple deployed to counter the exploit.

If uncorrected, the bugs could grant attackers access to sensitive information on target devices, including but not restricted to messages, location data, call history, and photos.

Trellix's Austin Emmitt said the vulnerabilities involve the NSPredicate code-filtering tool, whose restrictions Apple fortified with the NSPredicateVisitor protocol.

From Computer Weekly
View Full Article

No entries found

Researchers Find New Bug 'Class' in Apple Devices

VW Vehicles to Converse with Drivers via ChatGPT by Mid-Year

Gaining Benefit from Artificial Intelligence and Data Science: A Three-Part Framework

The Role of Autonomous Machine Computing in Shaping the Autonomy Economy