Security News

The Agence Nationale des Fréquences has asked Apple to withdraw iPhone 12 smartphones from the French market because the device emits radiofrequency energy that is beyond the limit permitted to be absorbed by the human body. ANFR says it recently conducted measurements on 141 phones available on the French market by contracting an accredited laboratory, where it found that iPhone 12's SAR value for limbs is 5.74 W/kg, exceeding the 4.0 W/kg limit by 43.5%. As such, the agency demands that Apple withdraws all iPhone 12 devices from the French market and takes the required action to make them compliant with European regulations.

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware. Apple released fixes for the two flaws with macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2, and CISA published an alert requiring federal agencies to patch by October 2, 2023.

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware. Apple released fixes for the two flaws with macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2, and CISA published an alert requiring federal agencies to patch by October 2, 2023.

A new information stealer malware called MetaStealer has set its sights on Apple macOS, making the latest in a growing list of stealer families focused on the operating system after Stealer, Pureland, Atomic Stealer, and Realst. "Threat actors are proactively targeting macOS businesses by posing as fake clients in order to socially engineer victims into launching malicious payloads," SentinelOne security researcher Phil Stokes said in a Monday analysis.

It's a cat-and-mouse struggle as tech giants Microsoft and Apple deal with persistent threats from China state actors and Pegasus spyware. Revelations this week from Microsoft and Apple speak to the COVID-like persistence of cyber threats and the ability of threat actors to adapt in the wild, steal credentials and sidestep patches.

Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild. Researchers at Citizen Lab are referring to the exploit as BLASTPASS. The team said they immediately disclosed their findings to Apple when they first discovered an infected device owned by an individual employed by a Washington DC-based civil society organization with international offices.

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. In a separate alert, Citizen Lab revealed that the twin flaws have been weaponized as part of a zero-click iMessage exploit chain named BLASTPASS to deploy Pegasus on fully-patched iPhones running iOS 16.6.

Apple has patched two zero-day vulnerabilities exploited to deliver NSO Group's Pegasus spyware."The exploit chain was capable of compromising iPhones running the latest version of iOS without any interaction from the victim," Citizen Lab shared.

Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachments containing malicious images.

Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year. Since the start of the year, Apple has patched 13 zero-day bugs exploited in attacks against devices running iOS, macOS, iPadOS, and watchOS. While Apple has yet to disclose details regarding attacks exploiting the flaws patched today, it acknowledged that CVE-2023-41064 was found and reported by Citizen Labs, whose researchers have previously shared information on other Apple zero-days exploited to deploy commercial spyware on computers and iPhones in targeted attacks.