With almost every iOS and macOS update, Apple releases a series of security improvements to fix important security vulnerabilities. Similar security improvements were made in the released iOS 16.3 and macOS Ventura 13.2. However, it turned out that both updates closed a very serious security hole.Major security flaw discovered in iOS and macOS
Cybersecurity company Trellix’s report published a while ago reported that there was a major security flaw in iOS and macOS operating systems, but the vulnerabilities were closed with the iOS 16.3 and macOS Ventura 13.2 update. The vulnerability found by Trellix allows an iPhone or Mac user’s messages, location data, photos, call history, and more to be accessed. It is even stated that it is possible to delete all data on the device by taking advantage of the vulnerability in the system.
Apple had almost completely removed the ability to run arbitrary code dynamically from operating systems to prevent apps from accessing areas they shouldn’t, by requiring apps to be signed by approved developers. However, according to Trellix’s discovery, this was not enough.
In a blog post published by Trellix, he reported that in 2021, NSO Group was not affected by the measures taken by the company by exploiting the vulnerabilities in Apple’s NSPredicate system. NSPredicate is one of the few items that can generate code dynamically on macOS and iOS. Apparently NSO Group discovered this and used it to inject Pegasus spyware.
Trellix forwarded its data and security vulnerabilities to Apple, which were fixed in iOS 16.3 and macOS Ventura 13.2. It is said that both updates should be installed as soon as possible. Thus, we see once again how important software updates are.
44052
