May 22, 2024

Trellix exposes security vulnerabilities in iPhone and Mac devices

Malicious hackers may have attacked iPhones, iPads and Macs through a series of vulnerabilities. Apple fixed the vulnerabilities documented by Trellix with updates to its operating systems in January 2023.

On January 23, 2023, Apple updates various operating systems: the company released iOS and iPadOS version 16.3 and MacOS version 13.2, among others. iPhone, iPad, and Mac owners should import these updates soon, because Apple not only introduced new features with them, but also closed various security holes. And they clearly had it all, as an analysis by Trellix shows. In it, the company, which grew out of the merger of McAfee and Fireeye, talks about a newly discovered bug class for franchise escalation.

The Pegasus Gate is not completely closed

The discovered vulnerabilities are based on a so-called forced saber attack. This vulnerability has been known for some time and was documented by the Citizen Lab at the University of Toronto. The vulnerability gained some notoriety because it used the Israeli NSO Group to distribute Pegasus spyware.

After the vulnerability became known, Apple took measures to fix it and render it harmless. However, as Trellix is ​​now showing, these measures were not enough to prevent similar attacks.

In fact, several zero-day vulnerabilities have been discovered that enable similar coercive attacks. According to Trellix, these “range from accessing SMS and iMessages to location data, personal photos, and videos.” Experienced hackers could have deleted some messages, call lists, voice messages, or even entire smartphones through these vulnerabilities. They were also able to track users using GPS data.”

See also  New Google Chrome feature aims to improve battery life

In a more technical way, Trellix shows that apps were able to bypass process isolation that is part of the security concept in macOS and iOS and thus access much more data than intended. Trellix provides more detailed documentation on their website.

Speaking of Apple devices, the latest iPhones have a feature designed to automatically detect incidents and notify emergency services. But sometimes Apple smartphones also sound an alarm while you’re downhill skiing or rollercoaster rides – to inconvenience emergency services, as you can read here.

If you would like to read more about cybercrime and cyber security, Subscribe to the Swisscybersecurity.net newsletter here. On the portal you can read daily news about current threats and new defense strategies.