Apple Issues Patch For Mac OS X To Protect Against iOS Spying Flaw

Apple has had to move quickly on the security front once again with the news that it has rushed out an emergency patch for Mac OS X systems.

It comes after Apple had rushed out a patch in late August for its iOS devices, after exploit code (dubbed Trident) alleged from a Middle East government could have turned the iPhone of a human rights activist into a spyware device with just one click.

Why So Long?

The human right activist in question was Ahmed Mansoor who is based in the United Arab Emirates (UAE).

Mansoor had received a SMS message on his iPhone which contained a link that promised “new secrets” about detainees tortured in UAE jails, if he clicked on it.

But Mansoor was suspicious and instead sent the message to Citizen Lab researchers, who “recognised the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product.”

The researchers then discovered that the link led to a chain of iOS zero-day exploits that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.

The exploit chain was called ‘Trident’, and once it had infected Mansoor’s iPhone, it would have turned the Apple device into a digital spy in his pocket, by utilising his camera and microphone. The spyware would have also recorded his WhatsApp and Viber calls, logged messages sent in mobile chat apps, and tracked his movements, said the Citizen Lab researchers.

But now it seems that the exploit also affects Apple desktop products as well after the iPad maker rushed out a further patch that tackles the same zero-day flaws in its Mac OS X desktop operating system, as well as the desktop version of its OS X Safari browser.

“You may not be a human rights activist, but the fact that it took Apple *days* to issue a fix for OS X users after patching the same vulnerabilities in iOS has opened an opportunity for others to potentially exploit them against desktop users,” warned security expert Graham Cluley.

“In an ideal world, Apple would have patched its mobile and desktop operating systems at the same time,” he blogged. “What we don’t know is whether Apple didn’t know the vulnerability was also present in OS X when it issued the iOS fixes, or whether it made the difficult decision to urgently update iOS even though its equivalent OS X fixes weren’t yet ready.”

Apple Security

Apple has over the years enjoyed a good reputation when it comes to security, but it does have security vulnerabilities, and has had to issue a growing number of patches and updates of late.

Earlier this year security experts and a US government agency advised Windows users to immediately uninstall Apple’s media player Quicktime from their PCs. That warning came after Apple suddenly decided to no longer provide security updates for QuickTime for Windows, leaving the PC version vulnerable to exploitation.

Prior to that in March Apple users were urged to update to the latest versions of iOS and OS X to stay protected from a new zero-day vulnerability that was affecting all previous versions of the software.

And Apple has also been accused by renowned security researcher Stefan Esserof of covering up possible security weaknesses by withdrawing his app from the App Store.

He alleged that Apple’s main motivation for the move was to maintain the appearance that iOS is secure.

Are you a security expert? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago