Over the years, Apple has developed a robust ecosystem, which many call it the high-walled garden, around iPhones, Macs and other products. Besides the deep integration between different product categories, the app store on iOS/iPadOS and macOS has the least number of fake apps compared to other platforms.
Yes, in recent years, Apple devices were breached by Pegasus spyware developed by NSO Group, to track human rights activists and journalists, but still, they are safer than Android and Windows. Also, the Cupertino-based company further improved the security.
However, cyber researchers at Trellix's Advanced Research Center have detected new vulnerabilities that may help hackers crack open the macOS and iOS devices.
They have revealed that NSPredicate, a tool that app developers use to add new functionality to apps, has security loopholes. Though Apple incorporated a stricter mechanism for developers to sign in NSPredicateVisitor pass, to make changes, it still can be bypassed.
App developers with criminal intentions are able to place malware and be able to access to the user’s calendar, address book, location data, camera and microphone, call history, photos, and other sensitive data, as well as wipe the device.
There are no official reports of threat actors misusing the aforementioned loophole, but Trellix has reported to Apple. It was apparently fixed in iOS 16.3 and macOS 13.3 for iPhones and Macs, respectively. Again, a just week ago, security patches were released in the latest iOS 16.3.1 and macOS 13.3.1, respectively.
Back then, Apple hadn't revealed the security loopholes, so that the owners get ample time to update devices to the latest software update. And, also most importantly, the news doesn't get the threat actors to exploit the devices, which haven't been updated yet.
Apple has thanked Trellix's researchers for their contribution to detecting the bugs early and help released patches fast.
"The vulnerabilities above represent a significant breach of the security model of macOS and iOS which relies on individual applications having fine-grained access to the subset of resources they need and querying higher privileged services to get anything else. These issues were addressed with macOS 13.2 and iOS 16.3. We would like to thank Apple for working quickly with Trellix to fix these issues, " Trellix Advanced Research Center said in a statement.
Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.
Deccan Herald is on WhatsApp Channels | Join now for Breaking News & Editor's Picks