
Apple hit by a serious security vulnerability, equivalent to handing hackers a master key?

Author: China Business News

Reporters Li Yuyang and Li Zhenghao, reporting from Shanghai

With the iPhone 14 about to launch, Apple finds itself overshadowed by a 0day-level vulnerability (in the cyber-security world, "0day" usually refers to a vulnerability that is being exploited before a patch exists).

Recently, serious security vulnerabilities were disclosed in Apple's phones, tablets, computers and other hardware products. They allow hackers to easily obtain "full administrative rights" on a device and run arbitrary software under that authority. So far Apple has not released further details of the vulnerabilities, saying only that they were reported by an anonymous researcher.

"A 0day-level vulnerability is one that has only just been discovered and has not yet been made public; the threat is very large." Fall, a member of the Network Sharp Knife security team, an independent Internet security organization, told the China Business Daily reporter that, given Apple's own emphasis on security, 0day-level vulnerabilities are "relatively rare", but that this one is not a "ceiling-level" (worst-case) vulnerability; he recommends that Apple users upgrade their systems promptly.

The 360 Vulnerability Research Institute also told reporters that the impact of this vulnerability is very broad, affecting almost all Apple devices, such as the iPhone, iPad and Mac, but "judging from historical attacks, attacks on Apple devices are mainly concentrated on specific high-value groups or specific organizations, so ordinary users only need to update the system promptly and avoid clicking unknown links; there is no need to be too nervous."

As to whether the vulnerability has been exploited and caused losses, and how similar vulnerabilities will be handled in the future, the reporter contacted Apple China but had received no answer as of press time. Apple has, however, publicly stated that it has a fix and is urging users to download the latest update immediately to patch the vulnerability.

The vulnerability has been exploited

It is understood that the devices affected by this vulnerability cover Apple's "three-piece set" of phones, tablets and computers: phones include the iPhone 6S and later models; tablets include the fifth-generation iPad and later, all iPad Pro models and the iPad Air 2; computers are Macs running macOS Monterey. In addition, the vulnerability also affects some iPod models.

"From the information that has been made public, this vulnerability mainly involves the Apple WebKit code execution vulnerability (CVE-2022-32893) and the Apple kernel privilege escalation vulnerability (CVE-2022-32894)." Fall said that Apple WebKit is a browser engine used in Safari, Mail, the App Store, iOS and Linux, and that processing maliciously crafted web content in WebKit may lead to arbitrary code execution. The Apple kernel, for its part, has a local privilege escalation vulnerability: "through out-of-bounds reads and writes, successful exploitation of this vulnerability can elevate a local user's privileges to kernel level and execute arbitrary code with kernel permissions."

It should be noted that CVE stands for Common Vulnerabilities and Exposures. Analysing the vulnerability, Zhang Xiaorong, president of the DeepInfound Science and Technology Research Institute, vividly likened it to handing the hacker a master key that can enter and leave the user's device at any time.

He also said that several security teams in China have already found the vulnerability being exploited, that is, there are external attack groups using such vulnerabilities. "At present, the feedback from the major security vendors is that (the vulnerability) has not spread widely, and the details of the vulnerability have not been made public," he said.

In the security update it released, Apple said the vulnerability may have been actively exploited. "This is what we call a zero-day vulnerability: a vulnerability that has been used by hackers before the company discovers it and is able to respond," said Jamie Collier, senior threat intelligence adviser at Mandiant.

In the view of the 360 Vulnerability Research Institute, although Apple used the word "may" in its statement, the results and the logic show that the vulnerability has been exploited. Apple not only fixed these two vulnerabilities but also introduced new protective measures against the attack method, raising the difficulty of attacking similar vulnerabilities.

The security test is not over

Zhang Xiaorong pointed out that although Apple's systems have far fewer vulnerabilities than Windows, Apple's growing user base has increasingly made its systems a target for hackers, and the security vulnerabilities found have become more and more serious. In fact, Apple has had many significant vulnerabilities in its history.

"For example, the Trident vulnerability of 2016, similar to the one patched this time, also used the browser that comes with Apple devices as the attack entry point: the victim only needed to click a malicious link for the attacker to reach the kernel and take over the device. There is also the 2021 FORCEDENTRY vulnerability, which should be the most influential vulnerability in Apple's history, because the victim did not need to click anything at all; the attacker completed the attack simply by sending an iMessage to the victim's phone," said the aforementioned 360 Vulnerability Research Institute.

Some have argued that hackers could use this vulnerability to compromise a user's iPhone without the user clicking any link. On this point, the 360 Vulnerability Research Institute said that to break into Apple devices with this vulnerability, hackers still need the victim to click a link, "because, judging from Apple's security advisory, the two vulnerabilities Apple fixed are a browser vulnerability and a kernel vulnerability. Together they form a complete attack chain: the victim only has to click the malicious link sent by the hacker, and the hacker can take over the Apple device."

Fall also believes user interaction is required. "Unless it is on the same local area network, where the attacker uses specific hijacking methods to tamper with a normal website such as Baidu so that it serves the vulnerability exploit (EXP); then users trigger the vulnerability directly just by visiting Baidu." He pointed out that the attack paths for exploiting this vulnerability include spread within a local area network, such as ARP (Address Resolution Protocol) spoofing on the same Wi-Fi to inject the exploit, or phishing via email, SMS and other channels to get users to click the malicious link.

The reporter noted that on August 17 and 18, Apple China officially released system updates, including iOS 15.6.1, iPadOS 15.6.1, macOS Monterey 12.5.1, watchOS 8.7.1 and Safari 15.6.1. Judging from the update notes, the above releases are security-related, and Apple reminds all users to install them as soon as possible.
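A practical check for the versions above, as an added example that is not part of the article or of Apple's own tooling: a POSIX shell script that compares a device's reported OS version against the first release carrying the fix, and so tells a fleet administrator which devices still need the update. The minimum fixed versions are the ones the article lists for iOS/iPadOS, macOS Monterey and Safari; sw_vers is the standard macOS command that prints the running version; the inventory lines at the end are constructed sample input, and version strings are assumed to be plain dotted numbers such as "15.6.1".

```shell
#!/bin/sh
# Added example (not Apple's code or the article's): decide whether an Apple
# OS version already contains the August 2022 fix for CVE-2022-32893 and
# CVE-2022-32894. Minimum fixed versions are those the article lists
# (iOS/iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1). Version strings
# are assumed to be plain dotted numbers such as "15.6.1".

# version_ge A B: exit 0 if dotted version A >= B, 1 otherwise.
# Missing trailing components count as 0, so "12.6" >= "12.5.1" holds.
version_ge() {
    a="$1"
    b="$2"
    i=1
    while :; do
        # The trailing dot makes cut print "" past the last field instead of
        # echoing the whole string when the input has no delimiter at all.
        x=$(printf '%s.' "$a" | cut -d. -f"$i")
        y=$(printf '%s.' "$b" | cut -d. -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then
            return 0      # equal through every component
        fi
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
}

# min_fixed_version PRODUCT: print the first release carrying the fix.
min_fixed_version() {
    case "$1" in
        ios|ipados) echo 15.6.1 ;;
        macos)      echo 12.5.1 ;;   # macOS Monterey, the Mac scope in the article
        safari)     echo 15.6.1 ;;
        *)          return 1 ;;
    esac
}

# is_patched PRODUCT VERSION: exit 0 if VERSION contains the fix,
# 1 if the update is still needed, 2 if PRODUCT is not in the table.
is_patched() {
    min=$(min_fixed_version "$1") || return 2
    version_ge "$2" "$min"
}

# report PRODUCT VERSION: one human-readable verdict line on stdout.
report() {
    rc=0
    is_patched "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "$1 $2: contains the fix" ;;
        1) echo "$1 $2: update needed" ;;
        *) echo "$1: unknown product" ;;
    esac
}

# Constructed sample inventory, as a fleet administrator might export it.
report ios 15.6
report ios 15.6.1
report ipados 15.5
report macos 12.5
report macos 12.5.1

# On a Mac, also check the running system.
if command -v sw_vers >/dev/null 2>&1; then
    report macos "$(sw_vers -productVersion)"
fi
```

The comparison is component-wise rather than a string compare, so "12.10" correctly ranks above "12.9" and a later major release such as 16.0 counts as patched; the script does not assess macOS versions older than Monterey, since the article limits the affected Macs to that release.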

The 360 Vulnerability Research Institute pointed out that this is really a new vulnerability exploited by an old method, and there is nothing particularly special about the attack technique. What is worth noting is that in recent years Apple has introduced many effective security protections, constantly raising the difficulty of attacks, which has drawn wide attention in the industry and praise from the majority of security practitioners: "That in-the-wild vulnerability attacks still occur under these conditions is a major test and challenge for Apple."

For the general public, this vulnerability is unlikely to cause widespread problems. When vulnerabilities in phones such as the iPhone are exploited, the attacks are usually targeted and concentrated on a small group of people. Even so, users should not let their guard down on digital security and privacy protection.

"Now that information leakage is so serious, it is easy for others to get hold of your information. If this vulnerability were widely disclosed, a large number of people whose information has leaked could be targeted, for example by sending them SMS or email messages in bulk and tricking them into clicking." He therefore strongly advises users of digital products not to click links of unknown origin, not to visit malicious websites, and to avoid free Wi-Fi as far as possible.
