Apple has had to move quickly on the security front once again with the news that it has rushed out an emergency patch for Mac OS X systems.
It comes after Apple had rushed out a patch in late August for its iOS devices, after exploit code (dubbed Trident) alleged from a Middle East government could have turned the iPhone of a human rights activist into a spyware device with just one click.
The human right activist in question was Ahmed Mansoor who is based in the United Arab Emirates (UAE).
Mansoor had received a SMS message on his iPhone which contained a link that promised “new secrets” about detainees tortured in UAE jails, if he clicked on it.
But Mansoor was suspicious and instead sent the message to Citizen Lab researchers, who “recognised the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product.”
The exploit chain was called ‘Trident’, and once it had infected Mansoor’s iPhone, it would have turned the Apple device into a digital spy in his pocket, by utilising his camera and microphone. The spyware would have also recorded his WhatsApp and Viber calls, logged messages sent in mobile chat apps, and tracked his movements, said the Citizen Lab researchers.
But now it seems that the exploit also affects Apple desktop products as well after the iPad maker rushed out a further patch that tackles the same zero-day flaws in its Mac OS X desktop operating system, as well as the desktop version of its OS X Safari browser.
“You may not be a human rights activist, but the fact that it took Apple *days* to issue a fix for OS X users after patching the same vulnerabilities in iOS has opened an opportunity for others to potentially exploit them against desktop users,” warned security expert Graham Cluley.
“In an ideal world, Apple would have patched its mobile and desktop operating systems at the same time,” he blogged. “What we don’t know is whether Apple didn’t know the vulnerability was also present in OS X when it issued the iOS fixes, or whether it made the difficult decision to urgently update iOS even though its equivalent OS X fixes weren’t yet ready.”
Earlier this year security experts and a US government agency advised Windows users to immediately uninstall Apple’s media player Quicktime from their PCs. That warning came after Apple suddenly decided to no longer provide security updates for QuickTime for Windows, leaving the PC version vulnerable to exploitation.
Prior to that in March Apple users were urged to update to the latest versions of iOS and OS X to stay protected from a new zero-day vulnerability that was affecting all previous versions of the software.
And Apple has also been accused by renowned security researcher Stefan Esserof of covering up possible security weaknesses by withdrawing his app from the App Store.
He alleged that Apple’s main motivation for the move was to maintain the appearance that iOS is secure.
Are you a security expert? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…