If you haven’t yet applied the latest patches for your Apple devices (both macOS and iOS), you should do it as soon as possible, as we now know that the older versions carried more vulnerabilities than previously thought.
Cybersecurity researchers from Trellix recently published a detailed blog post (opens in new tab), in which it discussed discovering multiple vulnerabilities that are a “significant breach of the security model of macOS and iOS which relies on individual applications having fine-grained access to the subset of resources they need and querying higher privileged services for anything else.”
As per the report, one of the vulnerabilities was found in CoreDuetd, a process gathering behavior data. A threat actor with code execution in a process with the proper entitlements (think Safari), can use the privileges of this process to execute malicious code, the researchers said. As this process runs as root on macOS, threat actors could also access people’s calendars, address books, and photos.
Executing malware
A similar issue (with similar consequences) impacts another process related to CoreDuetd, called ContextStored. This one allows threat actors to use a vulnerable XPC service to execute code, using a process with higher privileges.
Furthermore, the appstored and appstoredagent daemons hold vulnerable XPC Services as well, allowing threat actors to install abritrary applications, including system apps.
Additional similar vulnerabilities were found in services available to almost any app – OSLogService, and UIKitCore.
“By setting malicious scene activation rules an app can achieve code execution inside of SpringBoard, a highly privileged app that can access location data, the camera and microphone, call history, photos, and other sensitive data, as well as wipe the device,” the researchers concluded.
While these vulnerabilities might be dangerous, and could result in data exfiltration, malware (opens in new tab) deployment, and in radical cases – endpoint destruction – they’ve all been addressed by Apple. MacOS 13.2, and iOS 16.3 both fixed the problems, which is why Trelling urges all users not to wait to apply the patch.