Home → News → Researchers Find New Bug 'Class' in Apple Devices → Full Text

Researchers Find New Bug 'Class' in Apple Devices

By Computer Weekly

February 27, 2023

[article image]

Researchers at cybersecurity company Trellix say they have discovered a new class of privilege escalation vulnerability in Apple devices, rooted in Israeli spyware maker NSO Group's ForcedEntry exploit.

ForcedEntry enabled NSO's government clients to monitor activists, journalists, and political adversaries; Trellix claims iOS and macOS contain bugs that circumvent the upgraded code-signing mitigations Apple deployed to counter the exploit.

If uncorrected, the bugs could grant attackers access to sensitive information on target devices, including but not restricted to messages, location data, call history, and photos.

Trellix's Austin Emmitt said the vulnerabilities involve the NSPredicate code-filtering tool, whose restrictions Apple fortified with the NSPredicateVisitor protocol.

From Computer Weekly
View Full Article


Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA


No entries found