Sign In

Communications of the ACM

ACM TechNews

Researchers Find New Bug 'Class' in Apple Devices

View as: Print Mobile App Share:
Artist's conception of a computer bug.

Trellix says its Advanced Research Center vulnerability team discovered bugs in iOS and macOS that bypass the strengthened code-signing mitigations put in place by Apple to stop the ForcedEntry exploit.

Credit: freshidea/

Researchers at cybersecurity company Trellix say they have discovered a new class of privilege escalation vulnerability in Apple devices, rooted in Israeli spyware maker NSO Group's ForcedEntry exploit.

ForcedEntry enabled NSO's government clients to monitor activists, journalists, and political adversaries; Trellix claims iOS and macOS contain bugs that circumvent the upgraded code-signing mitigations Apple deployed to counter the exploit.

If uncorrected, the bugs could grant attackers access to sensitive information on target devices, including but not restricted to messages, location data, call history, and photos.

Trellix's Austin Emmitt said the vulnerabilities involve the NSPredicate code-filtering tool, whose restrictions Apple fortified with the NSPredicateVisitor protocol.

From Computer Weekly
View Full Article


Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account