Trellix uncovers new privilege escalation bug on MacOS and iOS
The Trellix Advanced Research Center (TARC) has discovered a new type of privilege escalation bug on MacOS and iOS. These bugs could potentially allow attackers to gain elevated privileges on a device and execute malicious code.
Trelix discovered three new vulnerabilities in Apple’s systems, prompting Apple to issue a warning. To protect against potential attacks, the company has urged its users to update their devices to the most recent software versions.
The first vulnerability, according to Apple, is related to the iMessage app and could allow an attacker to remotely execute arbitrary code. The second flaw affects the Wi-Fi module and could allow an attacker to gain unauthorized access to a user’s device. The third flaw affects the Safari browser and could allow an attacker to execute arbitrary code on a user’s device via a malicious website.
TARC discovered the bugs while conducting system security research. The team discovered a flaw in how operating systems handle specific processes that can be used to gain elevated privileges. The two flaws were classified as a “new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, resulting in privilege escalation and sandbox escape on both macOS and iOS.”
The first flaw (CVE-2023-23520) is a race condition in the Crash Reporter component that could allow a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation. The two other vulnerabilities, credited to Trellix researcher Austin Emmitt, reside in the Foundation framework (CVE-2023-23530 and CVE-2023-23531) and could be weaponized to achieve code execution.
Apple has released updates for its operating systems, including iOS, macOS, and watchOS, to address these vulnerabilities. To protect against potential attacks, the company advises its users to update their devices as soon as possible.
The sources for this piece include an article in TheHackerNews.