Apple silently patched a serious security vulnerability affecting iOS users that could expose data. Specifically, the flaw existed due to an improper patch for the previously known FORCEDENTRY vulnerability. An adversary could exploit the bug to access stored messages and photos on the target device.
Apple iOS Vulnerability Leaking Data
Researchers from Trellix have shared details about a new exploit affecting Apple iOS devices in a post. They demonstrated how a previously patched vulnerability could still let an adversary infiltrate iPhones.
Specifically, the researchers demonstrated bypassing the patch for the “FORCEDENTRY” bug discovered in 2021. As reported, FORCEDENTRY served as a major attack vector for the notorious Pegasus malware, targeting iOS 14.4 and 14.6 as a zero-day.
While Apple patched the vulnerability soon after receiving the bug report, it still posed a serious security risk. As Trellix explained, the second part of the vulnerability (as Google Project Zero demonstrated later) could allow sandbox escape. Exploiting this aspect could let an adversary bypass code signing and execute arbitrary code by abusing the “NSPredicate” class.
With this lead, Trellix researchers demonstrated how an attacker with code execution privileges could collect data from the target device via a malicious NSPredicate. That includes accessing messages, calendar, location, address book, and photos, and bypassing permissions.
The researchers demonstrated the exploit in a video.
Apple Patched The Flaw
Upon discovering the vulnerability, the Trellix team contacted Apple to report the matter. They highlighted how this vulnerability affected iOS and macOS systems alike.
Following their report, Apple developed a fix and released the patches with iOS 16.3 and macOS 13.2. The researchers further confirmed that they had detected no active exploitation of the vulnerability before patching.
Hence, all users who updated their devices accordingly remained safe from risks. However, those who haven’t updated their systems should do so immediately to prevent any potential cyberattack.