New Privilege Escalation Bug Class Discovered on macOS and iOS
According to a report by Trellix researchers, a security flaw in Apple iOS and MAC OS could potentially allow unauthorized access to users’ messages, calendar, location, address book, and photos.
The vulnerability was in fact related to the FORCEDENTRY bug, a 0-click iOS remote code execution discovered in 2021, and serving as a major attack vector for the notorious Pegasus malware.
While Apple patched the vulnerability soon after receiving the bug report, researchers recently found that it could still be exploited to infiltrate iOS and macOS devices, allowing attackers with code execution privileges bypass codesigning and execute arbitrary codes, potentially allowing access to users’ data and even wipe the device.