{"id":611126,"date":"2023-02-23T08:48:55","date_gmt":"2023-02-23T14:48:55","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/02\/23\/researchers-find-new-bug-class-in-apple-devices\/"},"modified":"2023-02-23T08:48:55","modified_gmt":"2023-02-23T14:48:55","slug":"researchers-find-new-bug-class-in-apple-devices","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/02\/23\/researchers-find-new-bug-class-in-apple-devices\/","title":{"rendered":"Researchers find new bug \u2018class\u2019 in Apple devices"},"content":{"rendered":"<div id=\"content-header\">\n<h2>A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix<\/h2>\n<\/div>\n<div id=\"content-center\">\n<div id=\"contributors-block\">\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton,<\/a><br \/>\n\t\t\t\t\t\t<span>Security Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>22 Feb 2023 12:52<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>Researchers at Trellix have uncovered what they claim to be an entirely new class of privilege escalation vulnerability in Apple devices stemming from <a 
href=\"https:\/\/www.computerweekly.com\/news\/252506645\/Apple-patches-ForcedEntry-vulnerability-used-by-spyware-firm-NSO\">the infamous ForcedEntry exploit<\/a> used by disgraced Israeli spyware manufacturer NSO Group to let its government customers target activists, journalists and political opponents.<\/p>\n<p>The existence of ForcedEntry \u2013 CVE-2021-30860 \u2013 was disclosed in September 2021 by <a href=\"https:\/\/citizenlab.ca\/\">The Citizen Lab<\/a>, an interdisciplinary laboratory based at the University of Toronto\u2019s Munk School of Global Affairs and Public Policy in Canada, which was <a href=\"https:\/\/www.computerweekly.com\/news\/252504149\/Pegasus-mobile-RAT-abused-to-monitor-journalists-and-activists\">the first to expose NSO\u2019s malfeasance<\/a> earlier that summer.<\/p>\n<p>But now, Trellix says its Advanced Research Centre vulnerability team has discovered a group of bugs in iOS and macOS that bypass the strengthened code-signing mitigations put in place by Apple to stop the exploitation of ForcedEntry.<\/p>\n<p>Left unaddressed, these vulnerabilities \u2013 which range from medium to high severity, carrying CVSS scores from 5.1 to 7.1 \u2013 could allow a threat actor to access sensitive information on a target device, including but not limited to the victim\u2019s messages, location data, call history and photos.<\/p>\n<p><a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html\">In Trellix\u2019s disclosure notice<\/a>, senior vulnerability researcher Austin Emmitt said the new bugs involve the NSPredicate tool used by developers to filter code, around which Apple tightened restrictions in the wake of the ForcedEntry fracas by introducing a protocol called NSPredicateVisitor.<\/p>\n<p>\u201cThese mitigations used [a] large deny list to prevent the use of certain classes and methods that could clearly jeopardise 
security,\u201d explained Emmitt.<\/p>\n<p>\u201cHowever, we discovered that these new mitigations could be bypassed. By using methods that had not been restricted, it was possible to empty these lists, enabling all the same methods that had been available before. This bypass was assigned CVE-2023-23530 by Apple.<\/p>\n<p>\u201cEven more significantly, we discovered that nearly every implementation of NSPredicateVisitor could be bypassed. This bypass was assigned CVE-2023-23531. These two techniques opened a huge range of potential vulnerabilities that we are still exploring.\u201d<\/p>\n<p>So far, the team has found multiple vulnerabilities within the new class of bugs, the first and most significant of which exists in a process designed to catalogue data about behaviour on Apple devices. If an attacker has achieved code execution capability in a process with the right entitlements, they could then use NSPredicate to execute code with the process\u2019s full privilege, gaining access to the victim\u2019s data.<\/p>\n<p>Emmitt and his team also found other issues that could enable attackers with appropriate privileges to install arbitrary applications on a victim\u2019s device, access and read sensitive information, and even wipe a victim\u2019s device. Ultimately, all of the new bugs carry a similar level of impact to ForcedEntry.<\/p>\n<p>Emmitt said the vulnerabilities constituted a \u201csignificant breach\u201d of the macOS and iOS security models, which rely on individual applications having fine-grain access to the subset of resources needed, and querying services with more privileges to get anything else.<\/p>\n<p>\u201cServices that accept NSPredicate arguments and check them with insufficient NSPredicateVisitors allow malicious applications and exploit code to defeat process isolation and directly access far more resources than should be allowed. 
<a href=\"https:\/\/support.apple.com\/en-gu\/HT213605\">These issues were addressed with macOS 13.2 and iOS 16.3<\/a>. We would like to thank Apple for working quickly with Trellix to fix these issues,\u201d he wrote.<\/p>\n<section data-menu-title=\"Fruitful interaction\">\n<h3><i data-icon=\"1\"><\/i>Fruitful interaction<\/h3>\n<p><a href=\"https:\/\/www.synopsys.com\/software-integrity\/cybersecurity-research-center.html\">Synopsys Cybersecurity Research Centre<\/a> global research head Jonathan Knudsen said the outcome of the disclosures represented a \u201cfruitful interplay\u201d between researchers and Apple, which has been criticised before now <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252508220\/Burned-by-Apple-researchers-mull-selling-zero-days-to-brokers\">for its approach to vulnerability disclosures and patching<\/a>.<\/p>\n<p>\u201cSoftware must be built with security in mind at every phase, with the goal of finding and eliminating as many vulnerabilities as possible. Even when you do everything right, however, some vulnerabilities can still be present in the released software,\u201d he said.<\/p>\n<p>\u201cPost-release, security researchers, both benevolent and malicious, might also discover vulnerabilities. Responding quickly to inbound security disclosures is critically important. Some organisations, including Apple, encourage security researchers to submit issues by providing incentives, typically called bug bounties. 
Recognising and engaging the security research community is an important component of a comprehensive software security initiative,\u201d he said.<\/p>\n<\/section>\n<\/section>\n<\/div>\n<p><a 
href=\"https:\/\/www.computerweekly.com\/news\/365531464\/Researchers-find-new-bug-class-in-Apple-devices\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Larisa Pepper<\/p>\n","protected":false},"excerpt":{"rendered":"<p>freshidea &#8211; stock.adobe.com A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix By Alex Scroxton, Security Editor Published: 22 Feb 2023 12:52 Researchers at Trellix have uncovered what they claim to be an entirely new<\/p>\n","protected":false},"author":1,"featured_media":611127,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4430,5016,46],"tags":[],"class_list":{"0":"post-611126","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-class","8":"category-researchers","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/611126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=611126"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/611126\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/611127"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=611126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\
/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=611126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=611126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}