HomeTechnologyCybersecurityApple Reports 3 New iPhone, iPad, and Mac Vulnerabilities

Apple Reports 3 New iPhone, iPad, and Mac Vulnerabilities

Published on

spot_img

Apple has updated the security advisory it issued last month to add three new vulnerabilities that affect iOS, iPadOS, and macOS.

The first flaw (CVE-2023-23520) is a race condition in the Crash Reporter component that could allow a malicious actor to read arbitrary files as root. Apple stated that has addressed the issue with further validation.

The other two flaws, discovered by Trellix researcher Austin Emmitt, are in the Foundation framework (CVE-2023-23530 and CVE-2023-23531) and might be exploited to gain code execution.

“An app may be able to run arbitrary code outside of its sandbox or with certain elevated privileges,” Apple explained, adding that the concerns have been fixed with “better memory handling.”

The medium to high-severity vulnerabilities were patched in iOS 16.3, iPadOS 16.3, and macOS Sierra 13.2, all of which were released on January 23, 2023.

Apple discovered vulnerabilities on iPhone, iPad and Mac devices. (Image by: The Hacker News)

Trellix described the two holes as a “new class of issues that allow bypassing code signing to execute arbitrary code in the context of many platform programmes, resulting to privilege escalation and sandbox escape on both macOS and iOS.”

The issues also get beyond Apple’s mitigations for zero-click exploits like FORCEDENTRY, which was used by Israeli mercenary spyware vendor NSO Group to install Pegasus on targets’ devices.

As a result, a threat actor might exploit these flaws to escape the sandbox and run malicious code with elevated privileges, possibly providing access to the calendar, address book, messages, location data, call history, camera, microphone, and photographs.

Worryingly, the security flaws might be exploited to install arbitrary software or even delete the device. Nevertheless, in order to exploit the flaws, an attacker must first gain a footing in the system.

“An app may be able to run arbitrary code outside of its sandbox or with certain elevated privileges.”

– Apple

“The aforementioned vulnerabilities represent a severe violation of macOS and iOS’s security model, which relies on individual programmes having fine-grained access to the subset of resources they require and requesting higher privileged services for anything else,” Emmitt added.

Info source – The Hacker News

Latest articles

Malaysia Average Salary Insights: Fresh Graduates and Inflation

In Malaysia, determining the average salary for fresh graduates has become an increasingly pressing...

Just For Thought: Current Social Media Problem

The rise of social media has undoubtedly revolutionized the way we connect with others...

The Negative Impact of Social Media on Geopolitical Movements

The emergence of social media has revolutionized communication worldwide, facilitating the spread of information,...

China’s Investment In Sarawak And Its Implications

China's investment in Sarawak has raised concerns among many locals and environmentalists. The influx...

More like this

Eight Wartime Rules For “Civilian Hackers” And Four State Obligations To Restrain Them

As digital technology changes how militaries conduct war, a concerning trend has emerged in...

The hackers’ new method of demanding ransom payments

Software developer Veeam has found that cybercriminals are getting more ingenious with their ransomware...

China bans Micron chips from being used in important facilities, citing “national security” risks

China has stopped selling some Micron goods after opening an investigation into the American...