Researchers at cybersecurity company Trellix say they have discovered a new class of privilege escalation vulnerability in Apple devices, rooted in Israeli spyware maker NSO Group's ForcedEntry exploit.
ForcedEntry enabled NSO's government clients to monitor activists, journalists, and political adversaries; Trellix claims iOS and macOS contain bugs that circumvent the upgraded code-signing mitigations Apple deployed to counter the exploit.
If uncorrected, the bugs could grant attackers access to sensitive information on target devices, including but not restricted to messages, location data, call history, and photos.
Trellix's Austin Emmitt said the vulnerabilities involve the NSPredicate code-filtering tool, whose restrictions Apple fortified with the NSPredicateVisitor protocol.
From Computer Weekly
View Full Article
Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA
No entries found