5 Most Serious iOS Security Vulnerabilities Reported in 2020
The year 2020 has been a busy one for Apple. Some of the tech company’s high moments include the release of the iPhone 12 in October and the upgrade of iOS to version 14 a month earlier.
There were also low moments. At the top of the list is the discovery of several security vulnerabilities in its products, particularly the operating systems.
According to one report in October, over 55 vulnerabilities had been discovered in the previous three months alone. In that period, the company paid over $300,000 in bug bounty rewards.
The following are five of the iOS security vulnerabilities that were discovered, reported, and most talked about in the second half of 2020:
1. The malicious font file
This is an iOS vulnerability that was first discovered, reported, and fixed in early October. It included three holes that could be exploited through a specially crafted font to achieve arbitrary code execution.
In addition to iOS, the problem was also observed in iPadOS, watchOS, and macOS.
By the end of December or around early December, a similar problem was discovered by Mateusz Jurczyk of Google Project Zero. This forced Apple to issue another update to the operating system (iOS 14) to fix it.
2. Jailbreaking Apple’s T2 security chip
This is not actually a new iPhone and iOS vulnerability. What is new is the discovery that two exploits initially used to jailbreak iPhones can now be used on other Apple devices, in particular Macs and MacBook devices.
In early October, discussions appeared on several online platforms about the possibility of combining checkm8, an exploit discovered a year earlier, with Blackbird, a vulnerability first disclosed this August, to break the T2 security chip of the other devices.
This allows an attacker to install malware, retrieve encrypted data, or change the operating system software in one way or another.
3. Malware in the app store
The Apple store has built a reputation for having a strict process for allowing third parties to publish apps. Before apps are approved, developers have to submit them for a thorough security audit.
This is meant to protect users from harmful and malicious content.
However, it turns out that the steps put in place so far have not been thorough enough. Peter Dantini, a security researcher with a lot of experience with Apple products, recently announced his discovery of malware in the Apple store disguised as applications.
Of course, that calls for users to be extra careful about what applications they download from the store.
4. Vague policy on data sharing
For a long time, Apple has projected itself as a company that puts the privacy of its users above any interests.
In recent months the company has taken some steps meant to assure users about their privacy.
The company just made it mandatory for apps in the iOS App Store to display labels that provide information about their privacy policies. That includes what data the app collects, who it shares it with, and its use.
This action followed a push from privacy activists around the world who have challenged Apple about facilitating the collection, use, and storage of data without the consent of those from whom it is collected.
However, this step is not reassuring to users when examined closely. In particular, there are questions as to how it will work. It is not clear how Apple will make sure app developers and publishers actually tell the truth.
It is also not clear how consumers will be given the capacity to understand what it all means.
5. Missing GPS data
After the release of iOS, those who updated their devices noticed a problem. It was an especially major issue for fitness enthusiasts who use their Apple Watch, and by extension their phone, to monitor their physical activity.
All the GPS data, workout route maps, and other forms of data seemed to disappear. This is an experience that many users from around the world reported.
Apple’s solution is for users to unpair the devices, erase their content, and restore system settings. This, however, means that what you previously had cannot be recovered.
Wrapping up – What can iOS users do?
It is important to point out that for most such vulnerabilities, there is little you can do as an end-user. You can only wait for the development team to create patches before you update the core software on your device to fix the problem.
However, there are a few cases where you can guard against possible exploits by regularly changing and protecting your passwords and also securing your internet connection using security tools such as a VPN for iOS. These measures are even more critical considering you will never know of the majority of the vulnerabilities discovered.
Conclusion
Apple products remain the most secure, especially when you consider the competition out there (in particular Android). However, the vulnerabilities in its products tell us that we shouldn’t expect any tech company to do everything right when it comes to security and privacy.