Apple Issues Patch For Mac OS X To Protect Against iOS Spying Flaw

Apple has had to move quickly on the security front once again with the news that it has rushed out an emergency patch for Mac OS X systems.

It comes after Apple had rushed out a patch in late August for its iOS devices, after exploit code (dubbed Trident) alleged from a Middle East government could have turned the iPhone of a human rights activist into a spyware device with just one click.

Why So Long?

The human right activist in question was Ahmed Mansoor who is based in the United Arab Emirates (UAE).

Mansoor had received a SMS message on his iPhone which contained a link that promised “new secrets” about detainees tortured in UAE jails, if he clicked on it.

But Mansoor was suspicious and instead sent the message to Citizen Lab researchers, who “recognised the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product.”

The researchers then discovered that the link led to a chain of iOS zero-day exploits that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.

The exploit chain was called ‘Trident’, and once it had infected Mansoor’s iPhone, it would have turned the Apple device into a digital spy in his pocket, by utilising his camera and microphone. The spyware would have also recorded his WhatsApp and Viber calls, logged messages sent in mobile chat apps, and tracked his movements, said the Citizen Lab researchers.

But now it seems that the exploit also affects Apple desktop products as well after the iPad maker rushed out a further patch that tackles the same zero-day flaws in its Mac OS X desktop operating system, as well as the desktop version of its OS X Safari browser.

“You may not be a human rights activist, but the fact that it took Apple *days* to issue a fix for OS X users after patching the same vulnerabilities in iOS has opened an opportunity for others to potentially exploit them against desktop users,” warned security expert Graham Cluley.

“In an ideal world, Apple would have patched its mobile and desktop operating systems at the same time,” he blogged. “What we don’t know is whether Apple didn’t know the vulnerability was also present in OS X when it issued the iOS fixes, or whether it made the difficult decision to urgently update iOS even though its equivalent OS X fixes weren’t yet ready.”

Apple Security

Apple has over the years enjoyed a good reputation when it comes to security, but it does have security vulnerabilities, and has had to issue a growing number of patches and updates of late.

Earlier this year security experts and a US government agency advised Windows users to immediately uninstall Apple’s media player Quicktime from their PCs. That warning came after Apple suddenly decided to no longer provide security updates for QuickTime for Windows, leaving the PC version vulnerable to exploitation.

Prior to that in March Apple users were urged to update to the latest versions of iOS and OS X to stay protected from a new zero-day vulnerability that was affecting all previous versions of the software.

And Apple has also been accused by renowned security researcher Stefan Esserof of covering up possible security weaknesses by withdrawing his app from the App Store.

He alleged that Apple’s main motivation for the move was to maintain the appearance that iOS is secure.

Are you a security expert? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

19 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

20 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

21 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

23 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

1 day ago