Apple has yet to patch a major vulnerability that it has known about since January 27 and that was exposed at Hack in the Box last week. Using software exposed yesterday at Black Hat Asia, an attacker can swap out legitimate versions of apps, developed with the said certificate, in order to spy on users and gain elevated privileges on the device that expose contacts, messaging, photos, the microphone and more. There are more details to the story here: https://wp.me/p3AjUX-uNh. Here to comment on this news is security expert Kevin Bocek, Chief Security Strategist at Venafi.
Kevin Bocek, Chief Security Strategist, Venafi:
“This attack shows just how powerful certificates have become as potential weapons. Cryptographic keys and digital certificates form the foundations of trust online and enable our software and devices to know whether something should be trusted or not. Issuing free unvalidated Apple certificates is now a fast-track to enabling malware to be installed. There are already well over 20 million malware samples authenticated by digital certificates. Bad guys know what powerful weapons digital certificates have become. It’s past due that we learn from our human immune system and apply that to the digital world to know which certificates should be trusted and who is friend or foe.”