Apple Patches iOS Zero Day, TCC Bypass in macOS

Apple has released a fix for a vulnerability in older versions of iOS that has been actively exploited.

The bug was first disclosed in mid-February when Apple patched it in newer versions of Safari, iOS, and macOS and warned that it may have been exploited already. But at the time, the company did not have a patch ready for iOS 15, which runs on older iOS devices, such as iPhone 6s, iPhone 7, iPhone SE, and iPad Air 2 and Mini.

On Monday, Apple published a new version of iOS 15 that includes a patch for CVE-2023-23529, which is in the WebKit framework.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” the Apple advisory says.

The new version of iOS 15 is 15.7.4.

There are also many vulnerabilities fixed in iOS 16.4, including a serious flaw in iCloud that could allow anyone who had access to a shared iCloud folder to bypass the Gatekeeper security feature and gain control of a victim’s device.

Along with the updates for iOS 15 and 16, Apple also released new versions of macOS Big Sur, Monterey, and Ventura, all of which contain patches for serious security vulnerabilities. Perhaps the most serious of those bugs is a vulnerability in the Archive Utility in macOS that can allow an attacker to bypass the Gatekeeper security system. In fact, one of the researchers who discovered the flaw, Csaba Fitzl of OffSec, said that the vulnerability could also be used to bypass the Transparency, Consent and Control (TCC) mechanism in the OS.

The TCC feature is designed to ensure that only specific components have access to sensitive inputs, such as the microphone, screen capture, or camera. TCC has been in macOS for five years, and there has been at least one example of a piece of malware that has abused a separate vulnerability to bypass TCC. Last year, researchers at ESET discovered a backdoor called CloudMensis that had the ability to exploit CVE-2020-9934 to force TCC to load a database that the malware controls.

There is also a pair of kernel vulnerabilities in macOS that can allow attackers to use a malicious app to execute code with kernel privileges.

The updated versions of macOS are Ventura 13.3, Monterey 12.6.4, and Big Sur 11.75.