MacDirectory Magazine

Pavel Prokopev

MacDirectory magazine is the premiere creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.

Issue link: https://digital.macdirectory.com/i/1420529


If you haven’t heard, three iOS 0-day vulnerabilities were made public recently by security researcher Denis Tokarev:

“A Gamed bug that could allow a malicious app to access user data, including the user’s Apple ID email and associated full name, Apple ID authentication data, as well as contact data and metadata. A Nehelper bug that could allow a malicious app to see what other apps are installed on a user’s device. A Nehelper bug that could allow a malicious app to access Wi-Fi information without the required permissions.”

While the 0-days are exploitable under certain conditions, a Motherboard piece says that Tokarev and other security experts can’t consider the bugs to be critical, since they “could only be exploited by a malicious app that would need to get on the App Store and then on people’s devices”.

The bugs, however, aren’t the biggest story here. These 0-days received so much media attention because Tokarev published his findings before Apple had issued security patches. However, according to the security researcher, this was only because the company had been unresponsive and had “ignored” his most recent email. According to the Motherboard piece: “Tokarev reported the vulnerabilities to Apple between March 10 and April 29, but the last time he heard back from Apple about the three vulnerabilities was August 6, August 12, and August 25, respectively. Then the researcher said he told Apple on September 13 he would publish details of the bugs unless he heard back. It was only after he went public with details about the unpatched bugs that Apple reached out.”

As SecureMac’s Nicholas Ptacek remarked in a quote for the Motherboard report: “While I’m glad Apple appears to be taking this particular situation more seriously now, it comes across as more of a reaction to bad press than anything else.”

Tokarev’s frustrating experience with the Apple Security Bounty program is, unfortunately, not unique. A number of prominent Mac security researchers have also reported problems with Apple’s responsiveness (or lack thereof). The KrebsOnSecurity piece notes that Bobby Rauch, the researcher who found the AirTag vulnerability, faced similar difficulties: “Apple never acknowledged basic questions he asked about the bug, such as if they had a timeline for fixing it, and if so whether they planned to credit him in the accompanying security advisory.”

Unfortunately, this doesn’t just affect independent security researchers, but everyone who uses Apple platforms. As KrebsOnSecurity points out, there is a real risk that “some researchers may decide it’s less of a hassle to sell their exploits to vulnerability brokers, or on the darknet”, or that “frustrated researchers will simply post their findings online for everyone to see and exploit”. Apple has improved their relationship with the third-party security community in recent years … but it’s clear that there’s still a lot of work to be done.

About SecureMac

Founded in 1999, SecureMac (www.securemac.com) has been a leading contributor to Apple security since the 2005 release of the original MacScan anti-malware tool. In the years since, SecureMac has continued to play an essential role in providing macOS users with straightforward options for better security. From the development of the faster and more powerful MacScan 3 to the company’s ongoing development of online privacy tool PrivacyScan, users can easily equip themselves for protection. With the addition of The Checklist, SecureMac continues to showcase a deep commitment to accessible security and the importance of digital awareness for all Mac users. For more info visit https://www.securemac.com/
