Apple users! Look out for these security flaws

The security advisories have been revised to include some vulnerabilities impacting iOS, iPadOS, and macOS.

The flaws are: 

• Race condition: Uncontrollable bug conditions
• CVE-2021-30858 (WebKit): A use-after-free issue that could result in arbitrary code execution when processing maliciously crafted web content. The flaw has been addressed with improved memory management.
• CVE-2021-30860 (CoreGraphics): An integer overflow vulnerability that could lead to arbitrary code execution when processing a maliciously crafted PDF document. The bug has been remediated with improved input validation.

“An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges,” Apple said, adding it patched the issues with “improved memory handling.”

The medium to high-severity vulnerabilities have been patched in iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2 which were shipped on January 23, 2023.

According to Trellix: The behavior of the bug is like Forcedentary, which was weaponized by Israeli surveillance vendors.

Today, we published our discovery of a new bug class fundamentally affecting Apple’s security model. Austin Emmitt (@alkalinesec) breaks down the full story on the blog. https://t.co/DwmPkn2O2s

Summary of our research (and a reminder to update your devices) below. 🧵 pic.twitter.com/YSJ0xxqSCG

— Trellix Advanced Research Center (@TrellixARC) February 21, 2023

Did Apple users experience a security breach?

Like any software or operating system, Apple’s products are not immune to security vulnerabilities or flaws. Here are some notable security flaws that have been reported in recent years:

• Meltdown and Spectre vulnerabilities: In early 2018, researchers discovered two major security vulnerabilities, dubbed Meltdown and Spectre, that affected nearly all modern processors, including those used in Apple’s devices. These vulnerabilities could potentially allow attackers to steal sensitive information, such as passwords or encryption keys, from a device’s memory.
• FaceTime bug: In January 2019, a bug was discovered in Apple’s FaceTime app that allowed users to listen in on conversations of others before they answered the call. Apple quickly released a software update to address the issue.
• Zoom security flaw: In July 2019, a security researcher discovered a vulnerability in the Zoom video conferencing app that allowed attackers to access a user’s webcam without their permission. While this was not an Apple-specific issue, it did affect users on macOS.
• iOS keyboard app security flaw: In May 2020, a security researcher discovered a vulnerability in the iOS keyboard app that could potentially allow attackers to steal sensitive data, such as passwords or credit card information, from a user’s device.

“The vulnerabilities above represent a significant breach of the security model of macOS and iOS which relies on individual applications having fine-grained access to the subset of resources they need and querying higher privileged services to get anything else,” Emmitt said.

Concluding thoughts

Security vulnerabilities and flaws are the associated risks with all tech-savvy companies. Apple has a record of addressing the issues through quick software patches and updates. As a user, one must perform vigilance while accessing sensitive information. Keep your device up to date and avoid suspicious links and downloads.