Keeping your iPhone and Mac updated is one of the most important things you can do to protect your devices from hackers. And it turns out a newly discovered bug should give all Apple users cause for concern — and serve as reminder to update their gear.
Back in January, the Apple released iOS 16.3 and macOS 13.2 to address a number of major vulnerabilities. However, in a new blog post (opens in new tab), the cybersecurity firm Trellix has revealed that it discovered a brand new class of privilege execution bugs in both iOS and macOS. Fortunately, those aforementioned updates patched these flaws.
If you haven’t installed the latest updates yet, you absolutely should. These newly discovered bugs can be exploited by an attacker to gain access to your messages, call history, location data, photos and more on either your iPhone or Mac.
Bypassing a patch for a previous exploit
Apple’s devices are often considered more secure than their Android or Windows counterparts due to the limitations the company puts on apps installed on iOS and macOS.
For instance, apps developed for its platforms need to be signed by approved developers but they’re also sandboxed which prevents them from accessing parts of the company’s operating systems they shouldn’t. Apple also doesn’t allow them to dynamically run arbitrary code.
Back in 2021 though, the infamous NSO Group figured out a way to bypass some of Apple’s built-in protections. To do so, the group exploited the company’s NSPredicate system as it is one of the only elements of iOS and macOS that can dynamically generate code according to Digital Trends (opens in new tab). While this exploit known as FORCEDENTRY was quickly patched by Apple, the NSO group actually used it to develop its dangerous Predator spyware.
In its new research though, Trellix showed that these patches can be bypassed and this is how the company’s security researchers discovered this new class of privilege escalation bugs. Although hackers can exploit these bugs to spy on iPhone and Mac users, some of them can even be used to entirely wipe a vulnerable device.
Fortunately, Trellix alerted Apple about its discoveries and the company quickly patched these new bugs with the release of iOS 16.3 and macOS 13.2. However, Apple also recently released a series of emergency security updates in the form of iOS 16.3.1, macOS 13.2.1 and iPadOS 16.3.1 to patch a new WebKit zero-day.
How to protect your iPhone and Mac from hackers
When it comes to keeping your iPhone and Mac protected from hackers, the most important thing you can do is to ensure that your devices have the latest software updates installed as Apple frequently patches both known and unknown vulnerabilities. If you need help, here’s everything you need to know about how to update an iPhone and how to update a Mac.
Besides that, you may also want to install the best Mac antivirus software on your Apple computers for additional protection. As for your iPhone, there aren’t iPhone antivirus apps due to Apple’s own limitations but Intego Mac Premium Bundle X9 is the only Mac antivirus software that can also scan an iPhone or iPad connected to a Mac via USB for malware.
Hackers often prey on users that haven’t installed the latest updates yet so keeping your devices up to date is often the easiest way to stay one step ahead of them.