If you haven’t yet applied the latest patches for your Apple devices (both macOS and iOS), you should do it as soon as possible, as we now know that the older versions carried more vulnerabilities than previously thought.
Cybersecurity researchers from Trellix recently published a detailed blog post, in which it discussed discovering multiple vulnerabilities that are a “significant breach of the security model of macOS and iOS which relies on individual applications having fine-grained access to the subset of resources they need and querying higher privileged services for anything else.”
As per the report, one of the vulnerabilities was found in CoreDuetd, a process gathering behavior data. A threat actor with code execution in a process with the proper entitlements (think Safari), can use the privileges of this process to execute malicious code, the researchers said. As this process runs as root on macOS, threat actors could also access people’s calendars, address books, and photos.
A similar issue (with similar consequences) impacts another process related to CoreDuetd, called ContextStored. This one allows threat actors to use a vulnerable XPC service to execute code, using a process with higher privileges.
Furthermore, the appstored and appstoredagent daemons hold vulnerable XPC Services as well, allowing threat actors to install abritrary applications, including system apps.
Additional similar vulnerabilities were found in services available to almost any app - OSLogService, and UIKitCore.
“By setting malicious scene activation rules an app can achieve code execution inside of SpringBoard, a highly privileged app that can access location data, the camera and microphone, call history, photos, and other sensitive data, as well as wipe the device,” the researchers concluded.
While these vulnerabilities might be dangerous, and could result in data exfiltration, malware deployment, and in radical cases - endpoint destruction - they’ve all been addressed by Apple. MacOS 13.2, and iOS 16.3 both fixed the problems, which is why Trelling urges all users not to wait to apply the patch.
- Here's a rundown of the best endpoint protection software today
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.