Trellix Advanced Research Center, a leading cybersecurity research institute, has discovered a series of vulnerabilities in iOS and macOS systems that could compromise the privacy and security of Apple users. The vulnerabilities, which were disclosed in a recent blog post, allow attackers to gain access to a wide range of sensitive data, including location data, photos, call records, and more.
Coreduetd Process Vulnerability
The first vulnerability identified by Trellix is located in the coreduetd process. This vulnerability enables an attacker to gain access to a user's calendar, address book, and photos without the user's knowledge or consent.
OSLogService and NSPredicate Vulnerabilities
Trellix also identified vulnerabilities in the OSLogService and NSPredicate in Springboard that can be exploited by attackers to gain access to a user's camera, microphone, and call records.
Impact on Apple Users
The discovery of these vulnerabilities raises serious concerns about the privacy and security of Apple users. If exploited, the vulnerabilities could lead to the theft of sensitive personal data, including photos, location data, and call records.
Apple's Response
Trellix reported the vulnerabilities to Apple, which promptly addressed the issues in the latest versions of iOS and macOS. Apple released two security updates, CVE-2023-23530 and CVE-2023-23531, in iOS 16.3 and macOS 13.2 Ventura to address the vulnerabilities identified by Trellix.
Trellix's Acknowledgment of Apple's Response
Trellix acknowledged the prompt response from Apple in addressing the vulnerabilities identified by the research center. Further testing by Trellix confirmed that the memory processing mechanism had been improved to fix the vulnerabilities.
0 Comments