Tag Archive for: apple

Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine


Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari.

The bug, tracked as CVE-2024-23222, stems from a type confusion error: the class of flaw that arises when an application assumes the input it receives is of a certain type without validating that assumption, or validates it incorrectly.

Actively Exploited

Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. “Apple is aware of a report that this issue may have been exploited,” the company’s advisory noted, without offering any further details.

The company has released updated versions of iOS, iPadOS, macOS, and tvOS with additional validation checks to address the vulnerability.

CVE-2024-23222 is the first zero-day vulnerability that Apple has disclosed in WebKit in 2024. Last year, the company disclosed a total of 11 zero-day bugs in the technology — its most ever in a single calendar year. Since 2021, Apple has disclosed a total of 22 WebKit zero-day bugs, highlighting the growing interest in the browser from both researchers and attackers.

Apple’s disclosure of the new WebKit zero-day comes days after Google’s disclosure last week of a zero-day in Chrome. It marks at least the third time in recent months that both vendors have disclosed zero-days in their respective browsers in close proximity to each other. The trend suggests that researchers and attackers are probing almost equally for flaws in both technologies, likely because Chrome and Safari are also the most widely used browsers.

The Spying Threat

Apple has not disclosed the nature of the exploit activity targeting the newly disclosed zero-day bug. But researchers have reported seeing commercial spyware vendors abuse some of the company’s more recent WebKit zero-days to drop surveillance software on the iPhones of targeted individuals.

In September 2023, the University of Toronto’s Citizen Lab warned Apple about two no-click zero-day vulnerabilities in iOS that a vendor of surveillance software had exploited to drop the Predator spyware tool on an iPhone belonging to an employee at a Washington, D.C.-based organization. The same month,…


A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data


As more companies ramp up development of artificial intelligence systems, they are increasingly turning to graphics processing unit (GPU) chips for the computing power they need to run large language models (LLMs) and to crunch data quickly at massive scale. Between video game processing and AI, demand for GPUs has never been higher, and chipmakers are rushing to bolster supply. In new findings released today, though, researchers are highlighting a vulnerability in multiple brands and models of mainstream GPUs—including Apple, Qualcomm, and AMD chips—that could allow an attacker to steal large quantities of data from a GPU’s memory.

The silicon industry has spent years refining the security of central processing units, or CPUs, so they don’t leak data in memory even when they are built to optimize for speed. However, since GPUs were designed for raw graphics processing power, they haven’t been architected to the same degree with data privacy as a priority. As generative AI and other machine learning applications expand the uses of these chips, though, researchers from New York–based security firm Trail of Bits say that vulnerabilities in GPUs are an increasingly urgent concern.

“There is a broader security concern about these GPUs not being as secure as they should be and leaking a significant amount of data,” Heidy Khlaaf, Trail of Bits’ engineering director for AI and machine learning assurance, tells WIRED. “We’re looking at anywhere from 5 megabytes to 180 megabytes. In the CPU world, even a bit is too much to reveal.”

To exploit the vulnerability, which the researchers call LeftoverLocals, attackers would need to already have established some amount of operating system access on a target’s device. Modern computers and servers are specifically designed to silo data so multiple users can share the same processing resources without being able to access each other’s data. But a LeftoverLocals attack breaks down these walls. Exploiting the vulnerability would allow a hacker to exfiltrate data they shouldn’t be able to access from the local memory of vulnerable GPUs, exposing whatever data happens to be there for the taking, which could include queries…


Critical Bluetooth flaw could take over Android, Apple, Linux devices


A critical Bluetooth security bug that’s reportedly been lurking about for several years can potentially be exploited by attackers to take control of Android, Linux, macOS, and iOS machines.

The flaw, CVE-2023-45866, is an authentication bypass that lets attackers connect to susceptible devices and inject keystrokes to achieve code execution as the victim.

In a GitHub blog post on Dec. 6, SkySafe researcher Marc Newlin said the flaw works “by tricking the Bluetooth host state-machine into pairing with a fake keyboard without user confirmation.”

Newlin went on to write that the underlying unauthenticated pairing mechanism is defined in the Bluetooth specification, and implementation-specific bugs expose it to the attacker. He said full vulnerability details and proof-of-concept scripts will be released at an upcoming conference, and he will update the original document with conference details when available. Newlin’s blog also contains available patch information.

Cyware Director Emily Phelps explained that in this exploit, adversaries fool the Bluetooth system of a device into connecting to a fake keyboard without user confirmation. This issue stems from a part of the Bluetooth rules that lets devices connect without needing authentication.

“Exploiting this vulnerability lets malicious hackers remotely control someone’s device,” said Phelps. “They can download apps, send messages, or run various commands depending on the operating system.”

Phelps said if patches are available for this vulnerability, security teams should fix the issue immediately. For devices that are awaiting the fix, security teams should monitor for updates and patches. They should also make staff aware of the issue and offer mitigation recommendations, such as disabling Bluetooth when not in use.

When devices communicate there’s first a “handshake” where the two systems agree to communicate with each other, explained John Gallagher, vice president of Viakoo Labs. What the attacker took advantage of, Gallagher continued, is that many IoT devices, such as Bluetooth keyboards, want to make that handshake as easy as possible, especially since the keyboard can’t be used until the…


Apple Security Update Fixes Zero-Day WebKit Exploits


Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google’s Threat Analysis Group discovered these security bugs.

Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS and macOS; users are advised to update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. The vulnerabilities were discovered by Google’s Threat Analysis Group, which has also been working on fixes for actively exploited Chrome vulnerabilities this week.

What are these Apple OS vulnerabilities?

“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” according to Apple’s post about the security updates on Nov. 30. This implies that attackers may be actively using the vulnerabilities.

Apple’s update said the problem originated in WebKit, the engine used for Apple’s browsers, where “processing web content may lead to arbitrary code execution.” The updates fix an out-of-bounds read through improved input validation and repair a memory corruption vulnerability using improved locking.

The first vulnerability, the out-of-bounds read, is tracked as CVE-2023-42916. The update addressing it is available for:

  • iPhone XS and later.
  • iPad Pro 12.9-inch 2nd generation and later.
  • iPad Pro 10.5-inch.
  • iPad Pro 11-inch 1st generation and later.
  • iPad Air 3rd generation and later.
  • iPad 6th generation and later.
  • iPad mini 5th generation and later.

The second vulnerability, the memory corruption, is tracked as CVE-2023-42917. The update addressing it is available for:

  • iPhone XS and later.
  • iPad Pro 12.9-inch 2nd generation and later.
  • iPad Pro 10.5-inch.
  • iPad Pro 11-inch 1st generation and later.
  • iPad Air 3rd generation and later.
  • iPad 6th generation and later.
  • iPad mini 5th generation and later.

Information is sparse about the vulnerabilities, which Apple said were investigated by Clément Lecigne at Google’s Threat Analysis Group; the group’s stated mission is to “counter government-backed attacks.”

Remediation and protection against the WebKit exploits

Apple users should be sure they are…
