MacOS Calendar Exploit Let Hackers Steal iCloud Photos


A critical macOS vulnerability has been uncovered, allowing hackers to steal iCloud photos using calendar invites. Shockingly, no clicks were required from users. This zero-click exploit, discovered by security researcher Mikko Kenttälä in 2022, gave attackers access to users’ iCloud Photos without any interaction. While Apple has since patched the issue, the discovery has raised serious concerns about the dangers of zero-click attacks.


How the Exploit Worked

Kenttälä found a vulnerability in macOS Calendar that allowed attackers to manipulate files. Specifically, hackers could inject malicious calendar invites containing harmful file attachments. Since the system did not properly sanitize these attachments, it led to a serious security gap. Through a directory traversal attack, attackers could place dangerous files in vulnerable locations on the system​.

Furthermore, this vulnerability, known as CVE-2022-46723, allowed hackers to write and delete files without authorization. By injecting multiple malicious files, they could escalate the attack and even execute remote code​.

How iCloud Photos Were Stolen

Hackers took full advantage of the exploit when they targeted the Photos app. In fact, they manipulated the configuration of the Photos library to access iCloud Photos. By tricking the app into using an unprotected directory as the primary library, the attackers synced and copied sensitive iCloud photos.


Apple’s Response and Fixes

From October 2022 to September 2023, Apple released patches that addressed these vulnerabilities. Moreover, they tightened file permissions and improved security layers to block directory traversal attacks in Calendar. These updates have effectively closed the vulnerability​.

How to Stay Protected

Zero-click attacks are a growing threat. Therefore, security experts advise keeping software updated at all times. Additionally, limiting app permissions, especially for calendar and photo access, is also a crucial step in staying protected​.

Although Apple has fixed the issue, this incident highlights the need to stay vigilant and protect personal data from increasingly advanced threats.



Source link