Three vulnerabilities have been flagged by Apple as impacting iPadOS, iOS and macOS devices. Two of the vulnerabilities are within the company’s “Foundation” framework and could be weaponised to launch remote code execution, giving hackers control of targeted systems.
The company has moved quickly to release patches for the three vulnerabilities. Apple states on its support page that “the issue was addressed with improved memory handling.”
Three Apple vulnerabilities flagged by researchers
The three vulnerabilities grant elevated privileges to attackers. Those in the Foundation framework, CVE-2023-23530 and CVE-2023-23531, were uncovered by researchers at cybersecurity vendor Trellix, showing that the exploits could be abused to achieve remote code execution on an infected Apple device.
The flaws are classified as a “new class of bugs that allow bypassing code signing to execute arbitrary in the context of several platform applications, leading to escalation of privileges and sandbox escapes on both macOS and iOS,” according to a Trellix blog released this week.
Mitigations that Apple had previously put in place to combat “zero-click” vulnerabilities can be bypassed by the new exploits. Zero-click vulnerabilities, often used by spyware such as NSO Group’s Pegasus, require no interaction from the owner of the target device to implement malware.
The pair of flaws could also be used to install their own application or even to wipe the device, and “represent a significant breach of the security model of the macOS and iOS,” according to Trellix.
The third vulnerability, CVE-2023-23520 affects the crash reporter component on iOS, which can allow an attacker to read arbitrary files as root. Apple’s security advisory page explains that it updated mitigations with “a race condition addressed with additional validation.”
By identifying and patching these vulnerabilities, Apple has demonstrated its strong relationship with the security community, argues Jonathan Knudsen of the Synopsys Cybersecurity Research Centre. “Trellix’s disclosures of privilege escalation vulnerabilities affecting macOS and iOS illustrate a fruitful interplay between security researchers and Apple,” he says. “Software must be built with security in mind at every phase, with the goal of finding and eliminating as many vulnerabilities as possible. Even when you do everything right, however, some vulnerabilities can still be present in the released software,” he said.
Such vulnerabilities must be tackled quickly, Knudsen adds. “Post-release, security researchers (both benevolent and malicious) might also discover vulnerabilities,” he says. “Responding quickly to inbound security disclosures is critically important. Some organisations, including Apple, encourage security researchers to submit issues by providing incentives, typically called bug bounties. Recognising and engaging the security research community is an important component of a comprehensive software security initiative.”
Read more: Apple could soon be at loggerheads with the UK government over end-to-end encryption
