Security News

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs
2023-07-11 20:12

The second-ever Apple Rapid Security Response just came out. The last point above is surprisingly important, given that Apple absolutely will not allow you to uninstall full-on system updates to your iPhones or iPads, even if you find that they cause genuine trouble and you wish you hadn't applied them in the first place.

Apple confirms WebKit security updates break browsing on some sites
2023-07-11 15:42

Apple confirmed today that emergency security updates released on Monday to address a zero-day bug exploited in attacks also break browsing on some websites. The company advises customers who have already applied the buggy security updates to remove them if they're experiencing issues while browsing the web.

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)
2023-07-11 09:48

Apple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with a regular security update in Safari, so users running macOS Big Sur and macOS Monterey can also implement the fix.

Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari
2023-07-11 04:08

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when processing specially crafted web content.

Apple releases emergency update to fix zero-day exploited in attacks
2023-07-10 18:01

Apple has issued a new round of Rapid Security Response updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads. Some out-of-band security updates may also be employed to counter security vulnerabilities actively exploited in attacks.

Now Apple takes a bite out of encryption-bypassing 'spy clause' in UK internet law
2023-06-29 06:40

Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation's Online Safety Bill - which for now is in the hands of the House of Lords - so that it safeguards strong end-to-end encryption. "It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk."

Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!
2023-06-22 21:36

Right at the start of June 2023, well-known Russian cybersecurity outfit Kaspersky reported on a previously unknown strain of iPhone malware. Typically, iPhone malware that can compromise an entire device not only violates Apple's strictures about software downloads being restricted to the "Walled garden" of Apple's own App Store, but also bypasses Apple's much vaunted app separation, which is supposed to limit the reach of each app to a "Walled garden" of its own, containing only the data collected by that app itself.

Apple fixes zero-day vulnerabilities used to covertly deliver spyware (CVE-2023-32435)
2023-06-22 10:23

Apple has released patches for three zero-day vulnerabilities exploited in the wild. Referencing Kaspersky's findings, Apple says that those last two vulnerabilities "May have been actively exploited against versions of iOS released before iOS 15.7.".

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari
2023-06-22 06:56

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. The iPhone maker said it's aware that the two issues "May have been actively exploited against versions of iOS released before iOS 15.7," crediting Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko, and Boris Larin for reporting them.

Apple squashes kernel bug used by TriangleDB spyware
2023-06-21 20:26

Whoever is infecting people's iPhones with the TriangleDB spyware may be targeting macOS computers with similar malware, according to Kaspersky researchers. In the security shop's ongoing analysis of the smartphone snooping campaign - during which attackers exploit a kernel vulnerability to obtain root privileges and install TriangleDB on victims' handsets - Kaspersky analysts uncovered 24 commands provided by the malware that can be used for a range of illicit activities; everything from stealing data, to tracking the victim's geolocation, and terminating processes.