Security News

Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, and Apple TV and watches, and warned that some of these bugs have already been exploited. Apple credits Kaspersky researchers Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin, Leonid Bezvershenko, and Boris Larin with finding this bug, which looks similar to the kernel vulnerability used to infect iPhones with TriangleDB spyware and also uncovered by the aforementioned team.

Two weeks ago, we urged Apple users with recent hardware to grab the company's second-ever Rapid Response patch. CVE-2023-37450: an anonymous researcher The next-best thing to zero-click attacks Technically, code execution bugs that can be triggered by getting you to look at a web page that contains booby-trapped content don't count as so-called zero-click attacks.

Apple has patched an exploited zero-day kernel vulnerability in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported. In early July, Apple fixed an actively exploited zero-day vulnerability in WebKit.

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1," the tech giant noted in its advisory.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bowing down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies. Specifically, the Online Safety Bill requires companies to install technology to scan for child sex exploitation and abuse material and terrorism content in encrypted messaging apps and other services.

"Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly," Apple said on Tuesday. Today, Apple started pushing iOS 16.5.1, iPadOS 16.5.1, and macOS 13.4.1 Security Response updates that address the web browsing issues.

Apple's offical upgrade pathway at least for its mobile devices, has always been to supply full, system-level patches that can never be rolled back, because Apple doesn't like the idea of users deliberately downgrading their own systems in order to exploit old bugs for the purpose of jailbreaking their own devices or installing alternative operating systems. As a result, even when Apple produced emergency one-bug or two-bug fixes for zero-day holes that were already being actively exploited, the company needed to come up with what was essentially a one-way upgrade, even though all you really needed was a minmalistic update to one component of the system to patch a clear and present danger.

The second-ever Apple Rapid Security Response just came out. The last point above is surprisingly important, given that Apple absolutely will not allow you to uninstall full-on system updates to your iPhones or iPads, even if you find that they cause genuine trouble and you wish you hadn't applied them in the first place.

Apple confirmed today that emergency security updates released on Monday to address a zero-day bug exploited in attacks also break browsing on some websites. The company advises customers who have already applied the buggy security updates to remove them if they're experiencing issues while browsing the web.