Apple: Zero-Days

By September 22, 2016Lifestyle

A previously unknown vulnerability has been discovered in Apple’s iOS which can allow the attacker to take control of the victim’s device. Ivan Krstic who is the head of Apple’s security engineering and architecture told a rapt audience at the Black Hat security conference that his notoriously secretive company was ready to open up its vulnerability reporting process to researchers. And the name of that new process is Apple zero-day. This feature marks a new era of mobile hacking.

A new Zero-Day vulnerability has been discovered in iOS devices where a user’s device could be hijacked completely by a hacker and he/she could spy on the user’s calls, emails, messages, etc. This Apple zero-day highlights how mobile devices are being targeted increasingly by hackers today. Since mobile devices store a lot of sensitive information today and hackers find them attractive targets. Mostly people believe that mobiles are more secure than computers, which allows hackers to succeed more easily.

Citizen Lab and Lookout researchers detected an active spyware capable of exploiting three iOS zero-day vulnerabilities. The vulnerabilities show that hackers are increasingly turning their focus on mobile devices. And Apple’s increased focus on detecting zero-days shows that companies are striving to keep up. The iPhones are often thought to be more secure than desktop computers and network infrastructure, so vulnerability research and hacking have been focused on those weaker devices. But the revelation of zero-days for Apple’s robust iOS security system marks a new era, in which the focus is heavily on mobile.

Generally, a zero-day vulnerability discovered within Apple’s OS X operating system allows hackers to exploit key protection features and steal sensitive data from devices. At the security conference SysCan360 2016 in Singapore, Pedro Vilaça who is the researcher in SentinelOne said, “Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection. It was reported to Apple and patches will be available soon. This zero-day vulnerability is present in all versions of Apple’s OS X operating system”.

The issue was discovered in early 2015 and was reported to Apple in January 2016. The flaw has been patched but only in updates for El Capitan 10.11.4, and iOS 9.3, which was released on March 21. Apple has acted quickly to roll out updates for this issue. The company was notified of it on August 15, and they had patched all three zero-day vulnerabilities within a week. Apple’s turnaround is impressive because many security companies allow the company for 90 days about the same.

If your iOS or OS X device is running on an older version of the operating system then you should update as soon as you can to mitigate the risk of this zero-day vulnerability.

To update the latest version of iOS, users should access the Settings application on iPhones and iPads, followed by ‘General’ and ‘Software Update’.

Leave a Reply

© 2018 Campfire.