Apple products, which are often considered among the best when it comes to security, are now at risk after researchers unearthed new bugs.
Trellix’s Advanced Research Centre has published details of bugs that could allow hackers to access users’ messages, photos, and call history.
They said that the bugs can bypass all Apple security protections that were in place to protect users.
“The vulnerabilities range from medium to high severity with CVSS scores between 5.1 and 7.1,” Trellix was quoted by Wired.com. “These issues could be used by malicious applications and exploits to gain access to sensitive information such as a user’s messages, location data, call history, and photos.”
Doug McKee, the director of vulnerability research at the firm, explained that the key thing here was the vulnerabilities break Apple’s security model at a fundamental level.
He said that people are unaware of this area because they didn’t know it existed.
McKee pointed out that, thanks to the findings, they and Apple will be able to discover more similar bugs and improve overall security protection.
Apple has fixed the bugs the company found, and no evidence has been found that they were exploited.
Senior Vulnerability Researcher Austin Emmitt said that the new bugs involve the NSPredicate tool used by developers to filter code. Apple already introduced NSPredicateVisitor to tighten restrictions in the wake of the ForcedEntry fracas.
Moreover, the team has found multiple vulnerabilities within the new class of bugs, the first and most significant of which exists in a process designed to catalogue data about behaviour on Apple devices.
If an attacker manages to crack the code with the right entitlements, they could then use NSPredicate to execute code with the process’s full privilege, gaining access to the victim’s data.