acm-header
Sign In

Communications of the ACM

ACM TechNews

Researchers Find New Bug 'Class' in Apple Devices


View as: Print Mobile App Share:
Artist's conception of a computer bug.

Trellix says its Advanced Research Center vulnerability team discovered bugs in iOS and macOS that bypass the strengthened code-signing mitigations put in place by Apple to stop the ForcedEntry exploit.

Credit: freshidea/stock.adobe.com

Researchers at cybersecurity company Trellix say they have discovered a new class of privilege escalation vulnerability in Apple devices, rooted in Israeli spyware maker NSO Group's ForcedEntry exploit.

ForcedEntry enabled NSO's government clients to monitor activists, journalists, and political adversaries; Trellix claims iOS and macOS contain bugs that circumvent the upgraded code-signing mitigations Apple deployed to counter the exploit.

If uncorrected, the bugs could grant attackers access to sensitive information on target devices, including but not restricted to messages, location data, call history, and photos.

Trellix's Austin Emmitt said the vulnerabilities involve the NSPredicate code-filtering tool, whose restrictions Apple fortified with the NSPredicateVisitor protocol.

From Computer Weekly
View Full Article

 

Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account