{"id":19475,"date":"2023-02-23T16:55:12","date_gmt":"2023-02-23T11:25:12","guid":{"rendered":"https:\/\/magicsheds.in\/index.php\/2023\/02\/23\/apples-new-bug-could-let-hackers-delete-data-steal-photos-from-your-iphone-macbook\/"},"modified":"2023-02-23T16:55:12","modified_gmt":"2023-02-23T11:25:12","slug":"apples-new-bug-could-let-hackers-delete-data-steal-photos-from-your-iphone-macbook","status":"publish","type":"post","link":"https:\/\/magicsheds.in\/index.php\/2023\/02\/23\/apples-new-bug-could-let-hackers-delete-data-steal-photos-from-your-iphone-macbook\/","title":{"rendered":"Apple&#8217;s new bug could let hackers delete data, steal photos from your iPhone, MacBook"},"content":{"rendered":"<div>\n<div class=\"full-w-img\"><noscript><img decoding=\"async\" src=\"https:\/\/www.91-cdn.com\/hub\/wp-content\/uploads\/2023\/02\/Hacker.jpg\"\/><\/noscript><img decoding=\"async\" class=\"lazyload\" data-src=\"https:\/\/www.91-cdn.com\/hub\/wp-content\/uploads\/2023\/02\/Hacker.jpg\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" \/><\/div>\n<p>A team of security experts claims to have discovered a \u201cnew class\u201d of vulnerabilities that could enable attackers to circumvent tech giant Apple\u2019s security measures in iOS and macOS to access users\u2019 sensitive data.<\/p>\n<div id=\"truncateDiv\">\n<p>The vulnerabilities have a Common Vulnerability Scoring System (CVSS) rating between 5.1 and 7.1 and a severity ranging from moderate to severe.  Malicious software and exploits may be able to exploit these flaws to access personal data such as a user\u2019s messages, location information, call history, and images.<\/p>\n<\/div>\n<div id=\"otherDiv\">\n<p>Trelix\u2019s findings align with prior work from Google and Citizen Lab, which in 2021 identified a new zero-day vulnerability called ForcedEntry, which was developed remotely and covertly by Israeli spyware maker NSO Group at the behest of its government customers. The exploit was used to hack into iPhones.<\/p>\n<p>To prevent use of the attack, Apple later improved its device security protections by including new code-signing mitigations that cryptographically confirm that the device\u2019s software is trusted and has not been altered.  However, Trelix claimed that Apple\u2019s mitigations are insufficient to prevent similar attacks.<\/p>\n<p>In a blog post, Trelix wrote that the latest issues affect NSPredicate, a program that lets programmers filter code.  After the ForcedEntry bug, Apple strengthened the NSPredicate limit by using the NSPredicateVisitor protocol.  Nonetheless, Trelix claimed that almost all NSPredicateVisitor implementations can be avoided.<\/p>\n<p>However, Apple has reportedly addressed these issues<span> With iOS 16.3 and macOS 13.2 out, more users should update their iPhones and MacBooks to stay secure.<\/span><\/p>\n<p>Security experts reported that CoreDutyD, a software that collects information about user behavior on a device, was the first vulnerability they discovered under this new class of flaws. <\/p>\n<p>It is possible for an attacker with the privileges of this process to execute a malicious NSPredicate and code in a process with the necessary entitlements, such as Messages or Safari.  The researchers said the user\u2019s calendar, address book and images are accessible to the attacker thanks to a process running as root on macOS.<\/p>\n<\/div>\n<aside class=\"mashsb-container mashsb-main mashsb-stretched\"\/><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A team of security experts claims to have discovered a \u201cnew class\u201d of vulnerabilities that could enable attackers to circumvent tech giant Apple\u2019s security measures in iOS and macOS to access users\u2019 sensitive data. The vulnerabilities have a Common Vulnerability Scoring System (CVSS) rating between 5.1 and 7.1 and a severity ranging from moderate to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":19476,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[5],"tags":[1081,1082,332,1083,306,291,1085,350,1084],"class_list":["post-19475","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-real-estate","tag-apples","tag-bug","tag-data","tag-delete","tag-hackers","tag-iphone","tag-macbook","tag-photos","tag-steal"],"_links":{"self":[{"href":"https:\/\/magicsheds.in\/index.php\/wp-json\/wp\/v2\/posts\/19475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/magicsheds.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/magicsheds.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/magicsheds.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/magicsheds.in\/index.php\/wp-json\/wp\/v2\/comments?post=19475"}],"version-history":[{"count":0,"href":"https:\/\/magicsheds.in\/index.php\/wp-json\/wp\/v2\/posts\/19475\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/magicsheds.in\/index.php\/wp-json\/wp\/v2\/media\/19476"}],"wp:attachment":[{"href":"https:\/\/magicsheds.in\/index.php\/wp-json\/wp\/v2\/media?parent=19475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/magicsheds.in\/index.php\/wp-json\/wp\/v2\/categories?post=19475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/magicsheds.in\/index.php\/wp-json\/wp\/v2\/tags?post=19475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}