Security News

Apple rolled out patches on Good Friday to its iOS, iPadOS, and macOS operating systems and the Safari web browser to address vulnerabilities found by Google and Amnesty International that were exploited in the wild. The updates are to iOS 16.4.1, iPadOS 16.4.1, Safari 16.4.1, and macOS 13.3.1.

Simply put, there were zero days during which even the most proactive and cybersecurity conscious users amongst us could have been patched in advance of the crooks. Just to be clear: the Apple Safari browser uses WebKit for "Processing web content" on all Apple devices, although third-party browsers such as Firefox, Edge and Chromium don't use WebKit on Mac.

Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. The second zero-day is a WebKit use after free that can let threat actors execute malicious code on compromised iPhones, Macs, or iPads after tricking their targets into loading malicious web pages.

Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild. Apple said it addressed CVE-2023-28205 with improved memory management and the second with better input validation, adding it's aware the bugs "May have been actively exploited."

Apple's App Store rules mean that all browsers on iPhones and iPads must use WebKit, making this sort of bug a truly cross-browser problem for mobile Apple devices.Kernel code execution bugs are inevitably much more serious than app-level bugs, because the kernel is responsible for managing the security of the entire system, including what permissions apps can acquire, and how freely apps can share files and data between themselves.

Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. Last week, Google TAG and Amnesty International exposed two recent series of attacks using exploit chains of Android, iOS, and Chrome zero-day and n-day flaws to deploy mercenary spyware.

Senior Chinese government officials have urged Apple CEO Tim Cook to improve the security and privacy features of his company's products. "Director Zheng Shanjie said that the Chinese government will unswervingly implement the basic national policy of opening to the outside world, and the National Development and Reform Commission will continue to support foreign-funded enterprises including Apple in their business in China," the post states.

Happy belated Patch Tuesday from Cupertino: Apple has issued security updates for almost every piece of code it slings - including a fix for a vulnerability in older iOS devices the iGiant believes is under attack right now. The US government's Cybersecurity and Infrastructure Security Agency logged the WebKit type confusion flaw in its Known Exploited Vulnerabilities Catalog on February 14, a day after Apple patched the issue in macOS Ventura, Safari 16 on macOSes Big Sur and Monterey, and iOS 16.

Apple's latest update blast is out, including an extensive range of security patches for all devices that Apple offcially supports. There are fixes for iOS, iPadOS, tvOS and watchOS, along with patches for all three supported flavours of macOS, and even a special update to the firmware in Apple's super-cool external Studio Display monitor.

Apple has released security updates for - pardon the pop-culture reference - everyhing everywhere all at once, and has fixed the WebKit vulnerability exploited in the wild for users of older iPhones and iPads. The presently most important fix among those delivered is the one for CVE-2023-23529, a type confusion issue in the WebKit browser engine, which can be triggered by maliciously crafted web content and ultimately allow code execution.