Apple, which has suffered from a lack of battery performance in recent years, is showing defects in security. Apple has been keeping a unique closed platform to the point where the FBI and iPhone are unlocking, and it boasts of `tight security`, but it is pointed out that the closure policy is rather anger.

According to the security industry on January 7, a fatal vulnerability was found in Apple`s Mac OS. A security expert who uses the nickname "Siguza" recently unveiled the `IOHIDeous` vulnerability in the Mac OS `IOHID family kernel` via his Twitter. IOHID is a kernel designed for compatibility with peripherals such as touch-pads and mice.

The vulnerability allows hackers to access all Mac OS versions of the system, execute arbitrary code, and gain root privileges. Especially, Mac OS security functions such as `System Integrity Protection (SIP)` and `Apple Mobile File Integrity (AMFI)` are disabled.

Apple did not run a "bug bounty" on the Mac OS, so the security experts disclosed the vulnerability to Apple online without notifying Apple. Apple has not yet made patches for this issue.

The new security certification system also reveals problems and the noise is constant. At the time of the release of Apple`s iPhone X, Apple had emphasized that it is safe to use any security technology, except for fingerprint recognition and the introduction of face recognition. However, Bkav, a Vietnamese security company, demonstrated in November that it made a special face mask to neutralize the face ID function of iPhone X.

According to foreign sources, face IDs in the US, China, and other parts of the world have been unlocked due to misidentification of twins, brothers, hats and co-workers` faces. Therefore, biometrics technology adoption is not taking place in the active financial sector.

Meanwhile, `CVE (public security vulnerability)` found in Apple products last year increased significantly from 324 in 2016 to 590 (iOS + Mac OS, excluding joint vulnerability). There are 387 iOS and 299 Mac OS, respectively, and iOS is close to half of Android (841).

While continuing to reveal security limits, Apple is still confident of complete security and prohibits installing anti-virus solution apps in the App Store. Security experts point out that closed platforms can be more vulnerable to security than open platforms, as long as perfect security cannot exist.

"Apple security vulnerabilities in the black market are often traded at a high price of KRW 500 million to 1 billion," said Lee Hee-joo, director of the IoT & SW Security Center for International Collaborative Research (Korea University). "If a large vulnerability is found on a closed platform It can be more dangerous for security than an open platform that features fast discovery and patching."

By Lee Gyung Tak kt87@


[ copyright ⓒ The Digitaltimes ]