Operations

Apple Releases Wave of Security Updates

Apple updates software for nearly every hardware platform, though one new feature almost steals the security show.

Apple has released a set of updates to its operating system across its range of hardware, from the Apple Watch to the Mac. While the updates cover a number of issues, a USB attack and its prevention may be the most important among them.

The mass release isn't unusual behavior for Apple, says Thomas Reed, director of Mac and mobile at Malwarebytes Labs. "When Apple releases these updates, they tend to release one for each of their products," Reed says. "They'll release a whole bunch of these on the same date."

Apparent from an inspection of the issues addressed in the MacOS update is that companies continue to deal with fallout from the Meltdown and Spectre vulnerabilities. On the website announcing the updates, Apple describes one vulnerability in which " ... one process may infer register values of other processes through a speculative execution side channel that infers their value." This could be the broad description of the entire family of Meltdown vulnerabilities.

Reed describes most of the remaining updates as important but not particularly unusual. One, though, has seen a great deal of attention from analysts and law enforcement officials: USB Restricted Mode.

USB Restricted Mode is a new feature that prevents data from being downloaded from an iOS device unless the device has been unlocked within the past hour. The new restriction seems targeted against devices like the GreyLock, which law enforcement agencies have purchased and used to conduct forensic analysis on iPhones and iPads.

"Companies don't want to make things harder specifically for law enforcement, but we've seen these devices being used by bad actors or bad governments," Reed says. At the same time, he notes a limitation in the restriction: "I don't understand why they didn't just make it so you have to unlock the device every time, rather than having the one-hour limit."

That one-hour window in which data can be downloaded from the device has been seized on by analysts and journalists as a significant flaw in the protection. Oleg Afonin, who blogs at Elcomsoft.com, explains that plugging an accessory (just about any accessory, at that) into the Lightning jack during the one-hour window can easily extend the window of vulnerability indefinitely.

While Afonin's tests showed that USB Restricted Mode operates as planned in most cases – holding the ports closed through reboots and protecting the device from unauthorized data exfiltration – the ability to work around the mode with a simple accessory is a critical weakness.

Even with this limitation, Reed says that applying the updates and patches is critical for the security of all affected Apple devices. "The more important thing for people to know about the updates is just how important it is to install them," he says. And the reason is one of the paradoxical qualities of software patching.

"Just as soon as they're out there, the information on what was patched is published, and hackers have a clue about how they could hack people with the older systems," Reed explains. "It's almost like the update makes the older systems even more vulnerable."

Related Content:

 

 

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
johnsmith2679
50%
50%
johnsmith2679,
User Rank: Apprentice
9/17/2018 | 8:13:13 AM
Apple ID Support Number
Apple products come with a lot of security apps which encrypt the photo, videos, messages, emails, contacts, etc

In apple product, it is too difficult to break the security passwords. Its security system updated from time to time and the virus definition is also updated from time to time, For more security apple uses Apple ID for each and every single product of Apple like iPhone iPad etc. If you forget your Apple ID and if you lost your password contact to Apple ID Support Number To recover your Apple ID and Password
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8360
PUBLISHED: 2019-02-16
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.
CVE-2019-8361
PUBLISHED: 2019-02-16
PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.
CVE-2019-8362
PUBLISHED: 2019-02-16
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, o...
CVE-2019-8363
PUBLISHED: 2019-02-16
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.
CVE-2019-8358
PUBLISHED: 2019-02-16
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.