Apple software users are being warned over a 'bug' that could give hackers a way to access their photos and messages. The issue means cybercriminals could bypass iOS security protection features.
This would give attackers the ability to retrieve call history, messages, and photos from the device, according to research from cybersecurity company Trellix. The problem is thought to have first surfaced in September 2021 with Apple releasing an update to stop it.
Privacy expert Christopher Bulvshtein, from VPN and cyber security reviews website VPNOverview, said: "Apple has stringent restrictions around what software can run on devices. Android, as an alternative, allows third-party app downloads, which is why we commonly see more Android malware. Part of these security measures involves all apps being “signed” by an Apple developer certificate. Apps are also limited in the actions they can perform – effectively being kept within their “sandbox.”
"It makes it difficult for hackers to introduce malicious code that can exploit the operating system’s software, or to access other, unauthorized apps or services on the phone or computer. CVE-2023-23520 and CVE-2023-23531, as they’ve been titled, allow attackers to bypass this cryptographic signing process and run malicious code out of its ring-fenced security sandbox.
"Worryingly, these are “zero-click” exploits – victims don’t even need to click on a link to be affected. Current macOS software (macOS Ventura 13.2.1) does not contain fixes for these two vulnerabilities."
He added: "Unfortunately, zero-click exploits are nigh-on impossible to defend against, even when following the advice above. That’s why they’re commonly used against high-profile targets, and even by government intelligence services to monitor targets.
"For everyday users, these kinds of attacks are unlikely to be common, and security researchers work constantly to find them before hackers do. So, monitor your devices for security patches, and install them as soon as they land."
Apple says that "for our customers' protection" it does not discuss or confirm security issues until an investigation has occurred and patches or releases are available.
How to protect your device
- Only use trusted applications from the App Store
- Don’t trust unknown devices when connecting your phone. Your iPhone will ask you whether to trust a computer when connecting via USB. Better yet, don’t connect your phone at all, unless it’s your own computer.
- Don’t click on links or even open messages from unknown senders if you don’t know who sent them and for what purpose. Just delete them.
- Keep your Apple devices up to date with the latest available operating system software. Turn on automatic downloads to ensure that you don’t miss security updates.