Security News
According to the company, this change to the App Store API rules ensures developers don't abuse APIs for user fingerprinting. Developers must choose one or more approved reasons that accurately align with their app's API usage.
A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system. Written in the Rust programming language, the malware is distributed in the form of bogus blockchain games and is capable of "Emptying crypto wallets and stealing stored password and browser data" from both Windows and macOS machines.
Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, and Apple TV and watches, and warned that some of these bugs have already been exploited. Apple credits Kaspersky researchers Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin, Leonid Bezvershenko, and Boris Larin with finding this bug, which looks similar to the kernel vulnerability used to infect iPhones with TriangleDB spyware and also uncovered by the aforementioned team.
Two weeks ago, we urged Apple users with recent hardware to grab the company's second-ever Rapid Response patch. CVE-2023-37450: an anonymous researcher The next-best thing to zero-click attacks Technically, code execution bugs that can be triggered by getting you to look at a web page that contains booby-trapped content don't count as so-called zero-click attacks.
Apple has patched an exploited zero-day kernel vulnerability in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported. In early July, Apple fixed an actively exploited zero-day vulnerability in WebKit.
Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1," the tech giant noted in its advisory.
We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.
Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bowing down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies. Specifically, the Online Safety Bill requires companies to install technology to scan for child sex exploitation and abuse material and terrorism content in encrypted messaging apps and other services.
"Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly," Apple said on Tuesday. Today, Apple started pushing iOS 16.5.1, iPadOS 16.5.1, and macOS 13.4.1 Security Response updates that address the web browsing issues.
Apple's offical upgrade pathway at least for its mobile devices, has always been to supply full, system-level patches that can never be rolled back, because Apple doesn't like the idea of users deliberately downgrading their own systems in order to exploit old bugs for the purpose of jailbreaking their own devices or installing alternative operating systems. As a result, even when Apple produced emergency one-bug or two-bug fixes for zero-day holes that were already being actively exploited, the company needed to come up with what was essentially a one-way upgrade, even though all you really needed was a minmalistic update to one component of the system to patch a clear and present danger.