Security News

Apple on Monday pushed to some iPhones and Macs its first-ever rapid security fix. This type of patch is supposed to be downloaded and applied automatically and seamlessly by the operating system to immediately protect devices from exploitation, thus avoiding the usual system update cycle that users may put off or miss and thus leave their stuff vulnerable to attack.

Apple and Google have come together to develop an industry specification to prevent "Unwanted tracking," otherwise known as stalking, via Bluetooth location tracking tags. Though Tile has been selling Bluetooth Low Energy wireless tracking tags for a decade, it wasn't until 2021, when Samsung introduced its Galaxy SmartTag and Apple introduced its AirTag, that reports of abuse of the devices became commonplace.

Apple and Google have joined forces to push for adopting new industry standards designed to stop stalking via Bluetooth-enabled location-tracking devices. "The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across iOS and Android platforms," Apple and Google said in coordinated press releases published today.

The security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems. Announced nearly a year ago, the security-focused feature makes user devices automatically install security patches as they are made available.

We've written about the uncertainty of Apple's security update process many times before. Rapid Security Responses are a new type of software release for iPhone, iPad, and Mac.

Apple has launched the first Rapid Security Response patches for iOS 16.4.1 and macOS 13.3.1 devices, with some users having issues installing them on their iPhones. As the company describes in a recently published support document, RSR patches are small-sized updates that target the iPhone, iPad, and Mac platforms and patch security issues between major software updates.

A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. The Apple device management company attributed it to a threat actor known as BlueNoroff, a subgroup within the infamous Lazarus cluster that's also tracked under the monikers APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and TA444.

Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple's macOS operating system.The development, which was reported by the MalwareHunterTeam over the weekend, appears to be the first time a big-game ransomware crew has created a macOS-based payload. Additional samples identified by vx-underground show that the macOS variant has been available since November 11, 2022, and has managed to evade detection by anti-malware engines until now.

Reports from Microsoft and The University of Toronto's Citizen Lab both conclude that government-serving spyware maker QuaDream used a zero-click exploit targeting Apple devices running iOS 14 to deliver spyware marketed under the name Reign to victims' phones. Once somehow up and running via this method, the spyware was able to exfiltrate various elements of device, carrier, and network info; search for and retrieve files; use the camera in the background; monitor calls; access the iOS keychain; generate iCloud one-time passwords; and more, said Microsoft.

Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities in macOS, iOS and iPadOS. Reported by researchers Clément Lecigne of Google's Threat Analysis Group and Donncha Cearbhaill, the head of Amnesty International's Security Lab, the vulnerabilities have been exploited in tandem to achieve full device compromise - with the likely goal to install spyware on target devices. CVE-2023-28206 is an out-of-bounds write issue in IOSurfaceAccelerator that can be exploited by a malicious app to execute arbitrary code with kernel privileges.