Privacy expert warns over sneaky Apple bug that gives hackers access to photos and messages

READ MORE: Teacher stabbed to death in classroom by 16-year-old student

“Part of these security measures involves all apps being ‘signed’ by an Apple developer certificate. Apps are also limited in the actions they can perform – effectively being kept within their ‘sandbox.’

“It makes it difficult for hackers to introduce malicious code that can exploit the operating system’s software, or to access other, unauthorized apps or services on the phone or computer.

“CVE-2023-23520 and CVE-2023-23531, as they’ve been titled, allow attackers to bypass this cryptographic signing process and run malicious code out of its ring-fenced security sandbox”.

Most alarmingly, these are “zero-click” exploits, which means that victims don’t even need to click on a link to be affected.

the potential exploits, for the time being, even devices running the latest macOS could be at risk.

The issue was first detected in September 2021 and was fixed by Apple, but more intelligence is being used to target new vulnerabilities using the same approach.

Current macOS software (macOS Ventura 13.2.1) does not contain fixes for these two vulnerabilities and although Apple is aware of the potential exploits, for the time being, even devices running the latest macOS could be at risk.

What can be accessed?

Once a vulnerability has been found, the cyber attacker can access sensitive information located anywhere on your device, including:

Calendars, addresses, photos and videos, and stored files could all be at risk.

Attackers could use this route to Install other malicious applications.

Hackers could potentially even spy on users using their own audio or video capabilities.

How to protect your device?

Since these vulnerabilities still exist – and it’s expected that more ways to exploit them will be discovered – Apple users are advised to exercise the usual precautions:

• Only use trusted applications from the App Store. While you can’t install custom apps from elsewhere, there have been historical examples of apps gathering more data than they should or performing malicious actions.
• Don’t trust unknown devices when connecting your phone. Your iPhone will ask you whether to trust a computer when connecting via USB. Better yet, don’t connect your phone at all, unless it’s your own computer.
• Don’t click on links or even open messages from unknown senders if you don’t know who sent them and for what purpose. Just delete them.
• Keep your Apple devices up to date with the latest available operating system software. Turn on automatic downloads to ensure that you don’t miss security updates.

“Unfortunately, zero-click exploits are almost impossible to defend against, even when following the advice above.

“That’s why they’re commonly used against high-profile targets, and even by government intelligence services to monitor targets,” Mr. Bulvshtein said.

It is understood that for everyday users, these kinds of attacks are far less common, and security researchers are working around the clock to find them before hackers do.

“So, monitor your devices for security patches, and install them as soon as they land.”

READ NEXT:

• Madeleine McCann latest: All the ‘evidence’ so far from young woman claiming to be missing child

• Urgent recall issued for Argos and Currys customers in Ireland over fire risk with vacuum

• Cost of living measures - 12 key points in Government announcement on social welfare, taxes, bills

• Ireland weather: High pressure system 'sending Jet Stream North' amid cold snap warning as snow arrives

• Paul Mescal's local pub offers star free pints saying he was a 'good regular'

• before fame

Get breaking news to your inbox by signing up to our newsletter