Jane_Frandy's blog
I am a person who loves music
Apple opened a "mouth" and privacy disappeared? 2022-03-07 18:29:57

He came quietly, and silently our privacy was taken away. While our fingers glide over silky Apple products and we enjoy the comfort they bring us, a pair of black pupils is secretly peeping at our bits and pieces in the virtual world.

The "sweet spot" Safari

Recently, a cybersecurity team discovered that the iPhone is not as secure as we thought. There is a vulnerability in the IndexedDB API in the WebKit engine of Safari, the iPhone's browser, which could disclose our browsing activity and even the identity of the user to anyone exploiting it. IndexedDB is a widely used browser API. To prevent data leakage caused by cross-site scripting attacks, IndexedDB follows a "same-origin" policy to control which resources can access each piece of data.

However, analysts at FingerprintJS found that the IndexedDB API did not follow the same-origin policy in the WebKit implementation used by Safari 15 on macOS, leading to the disclosure of sensitive data. The privacy violation vulnerability also affects web browsers that use the same browser engine in the latest iOS and iPadOS versions.

The implementation of IndexedDB in Safari 15 on iOS, iPadOS, and macOS allows any website to obtain the names of databases created in the same session, in violation of the same-origin policy. Because database names are usually unique and website-specific, this is essentially the same as leaking the browsing history to anyone.

According to the analysts, identifying someone through this vulnerability requires the user to be logged in to and accessing popular websites such as YouTube and Facebook, or services such as Google Calendar and Google Keep.

It's worth noting that since this is an existing vulnerability in WebKit, any browser that uses this particular engine (for example, Brave or Chrome for iOS) is also vulnerable. The vulnerability was reported to the WebKit Bug Tracker on November 28, 2021, and the vulnerability remains unresolved.
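
The leak described in this section can be modeled in a few lines. The following JavaScript is an added illustration, not code from the original post, FingerprintJS or WebKit: the `SessionDatabases` class, its helper functions, and the site and database names are all constructed for the example.

```javascript
// Toy model of per-origin IndexedDB bookkeeping inside one browser session.
// Hypothetical names throughout; this is not how WebKit is implemented.

// An origin is the (scheme, host, port) triple; URL.origin serializes it.
function originOf(url) {
  return new URL(url).origin;
}

class SessionDatabases {
  constructor({ enforceSameOrigin }) {
    this.enforceSameOrigin = enforceSameOrigin;
    this.byOrigin = new Map(); // origin -> Set of database names
  }

  // A page at pageUrl creates (or opens) a database called name.
  open(pageUrl, name) {
    const origin = originOf(pageUrl);
    if (!this.byOrigin.has(origin)) this.byOrigin.set(origin, new Set());
    this.byOrigin.get(origin).add(name);
  }

  // What a page at pageUrl receives when it asks for database names.
  list(pageUrl) {
    const caller = originOf(pageUrl);
    const names = [];
    for (const [origin, set] of this.byOrigin) {
      // The same-origin check: skip every origin except the caller's own.
      if (this.enforceSameOrigin && origin !== caller) continue;
      names.push(...set);
    }
    return names.sort();
  }
}

// Names visible to the caller that its own origin never created.
function foreignNames(session, pageUrl) {
  const own = session.byOrigin.get(originOf(pageUrl)) ?? new Set();
  return session.list(pageUrl).filter((n) => !own.has(n));
}

function demo(enforceSameOrigin) {
  const s = new SessionDatabases({ enforceSameOrigin });
  // Constructed sample data: made-up sites and database names.
  s.open("https://video.example/watch", "video-offline-user-1234");
  s.open("https://calendar.example/", "calendar-cache");
  s.open("https://news.example/article", "news-prefs");
  return foreignNames(s, "https://news.example/other-page");
}
```

With the check enforced, `demo(true)` returns an empty list; without it, `demo(false)` returns the other two sites' database names, one of which embeds a user identifier, which is why the names alone reveal both the sites visited and who is visiting.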

"Awake" iOS

An attack known as "NoReboot" doesn't require exploiting any vulnerabilities on iOS, but relies on human-level deception, so Apple can't patch it.

Security researchers have discovered that a Trojan proof-of-concept tool can inject specially crafted code into three iOS processes to fake a shutdown by disabling the iPhone's shutdown commands. The Trojan hijacks the shutdown event by hooking the signal sent to "SpringBoard" (the user interface interaction process). Instead of the expected signal, the Trojan sends a code that forces "SpringBoard" to quit, making the device unresponsive to user input. In this case it is perfect camouflage, as a device that has entered a powered-off state naturally no longer accepts user input. Next, the Trojan commands the "BackBoardd" process to display a spinning wheel indicating that the shutdown process is in progress.

"BackBoardd" is another iOS process that records physical button clicks and time-stamped screen touch events, so misusing it could let the Trojan know when the user tries to "turn on" the phone.

By monitoring these actions, the user can be tricked into releasing the button earlier than they should, avoiding an actual forced restart.

Apple introduced a new feature in iOS 15 that allows users to locate their iPhone with Find My even when it's powered off. The researchers found that it does so by keeping the Bluetooth PM chip active and running automatically when the iPhone is turned off. Even when all user interaction with the device is turned off, the Bluetooth chip continues to advertise its presence to nearby devices by operating in low power mode, albeit at intervals greater than the default 15 minutes. An iPhone that has been turned off is actually still "low-key" active.

"The Gate of Life" macOS

Microsoft research has found that the powerdir vulnerability allows unauthorized access to protected macOS user data; hackers can exploit it to bypass the Transparency, Permission and Control (TCC) technology and gain access to user-protected data.

TCC is a security technology designed to prevent applications from accessing sensitive user data by allowing macOS users to configure privacy settings for applications installed on their systems and devices connected to their Macs, including cameras and microphones.

While Apple restricts TCC access to apps with full disk access and sets up features to automatically block unauthorized code execution, Microsoft security researchers have discovered that an attacker could plant a second, specially crafted TCC database, allowing them to access protected user information.

If the vulnerability is exploited on an unpatched system, hackers could plan attacks based on users' protected personal data. For example, attackers could hijack an app installed on a device — or install a malicious app of their own — and access the microphone to record private conversations or capture screenshots of sensitive information displayed on a user's screen.

A little miss, a little regret

Although Apple has stumbled along the way, it has had a Jobs who did the "job", an era that people miss, an Apple with a "different me", an Apple that has been "thinking about change", and an Apple that has always been "progressive".

