Operations

7/11/2018
07:30 AM
50%
50%

Apple Releases Wave of Security Updates

Apple updates software for nearly every hardware platform, though one new feature almost steals the security show.

Apple has released a set of updates to its operating system across its range of hardware, from the Apple Watch to the Mac. While the updates cover a number of issues, a USB attack and its prevention may be the most important among them.

The mass release isn't unusual behavior for Apple, says Thomas Reed, director of Mac and mobile at Malwarebytes Labs. "When Apple releases these updates, they tend to release one for each of their products," Reed says. "They'll release a whole bunch of these on the same date."

Apparent from an inspection of the issues addressed in the MacOS update is that companies continue to deal with fallout from the Meltdown and Spectre vulnerabilities. On the website announcing the updates, Apple describes one vulnerability in which " ... one process may infer register values of other processes through a speculative execution side channel that infers their value." This could be the broad description of the entire family of Meltdown vulnerabilities.

Reed describes most of the remaining updates as important but not particularly unusual. One, though, has seen a great deal of attention from analysts and law enforcement officials: USB Restricted Mode.

USB Restricted Mode is a new feature that prevents data from being downloaded from an iOS device unless the device has been unlocked within the past hour. The new restriction seems targeted against devices like the GreyLock, which law enforcement agencies have purchased and used to conduct forensic analysis on iPhones and iPads.

"Companies don't want to make things harder specifically for law enforcement, but we've seen these devices being used by bad actors or bad governments," Reed says. At the same time, he notes a limitation in the restriction: "I don't understand why they didn't just make it so you have to unlock the device every time, rather than having the one-hour limit."

That one-hour window in which data can be downloaded from the device has been seized on by analysts and journalists as a significant flaw in the protection. Oleg Afonin, who blogs at Elcomsoft.com, explains that plugging an accessory (just about any accessory, at that) into the Lightning jack during the one-hour window can easily extend the window of vulnerability indefinitely.

While Afonin's tests showed that USB Restricted Mode operates as planned in most cases – holding the ports closed through reboots and protecting the device from unauthorized data exfiltration – the ability to work around the mode with a simple accessory is a critical weakness.

Even with this limitation, Reed says that applying the updates and patches is critical for the security of all affected Apple devices. "The more important thing for people to know about the updates is just how important it is to install them," he says. And the reason is one of the paradoxical qualities of software patching.

"Just as soon as they're out there, the information on what was patched is published, and hackers have a clue about how they could hack people with the older systems," Reed explains. "It's almost like the update makes the older systems even more vulnerable."

Related Content:

 

 

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
johnsmith2679
50%
50%
johnsmith2679,
User Rank: Apprentice
9/17/2018 | 8:13:13 AM
Apple ID Support Number
Apple products come with a lot of security apps which encrypt the photo, videos, messages, emails, contacts, etc

In apple product, it is too difficult to break the security passwords. Its security system updated from time to time and the virus definition is also updated from time to time, For more security apple uses Apple ID for each and every single product of Apple like iPhone iPad etc. If you forget your Apple ID and if you lost your password contact to Apple ID Support Number To recover your Apple ID and Password
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19349
PUBLISHED: 2018-11-17
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-19350
PUBLISHED: 2018-11-17
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVE-2018-19341
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader...
CVE-2018-19342
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x00000000...
CVE-2018-19343
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul...