Security News

Russian intelligence has accused American snoops and Apple of working together to backdoor iPhones to spy on "Thousands" of diplomats worldwide. A Kaspersky spokesperson told The Register it's aware of the FSB claims, but can't say if the two things - Uncle Sam backdooring iPhones, and the spyware found on several Kaspersky devices - are linked.

Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. "The most straight-forward implication of a SIP bypass is that an attacker can create files that are protected by SIP and therefore undeletable by ordinary means," Microsoft researchers Jonathan Bar Or, Michael Pearse, and Anurag Bohra said.

In a previous TechRepublic article, I wrote about how you can customize and maintain Apple IDs on multiple devices; but, what about using multiple Apple IDs on the same Mac within the same user account? This comes in handy when using two Apple IDs: one for personal use and another for business purposes. There are several reasons why you might want to use two Apple IDs on the same Mac.

Apple fixes WebKit 0-days under attackApple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that "May have been actively exploited." Enhancing open source security: Insights from the OpenSSF on addressing key challengesIn this Help Net Security interview, we meet a prominent industry leader.

Apple have just introduced "Rapid Security Responses." People are reporting that they take seconds to download and require one super-quick reboot. These new Rapid Security Responses were only available for the very latest version of macOS and the latest iOS/iPadOS, which left users of older Macs and iDevices, as well as owners of Apple Watches and Apple TVs, in the dark.

Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that "May have been actively exploited." The notes accompanying the updates also revealed that Apple's first Rapid Security Response update, which was pushed out earlier this month, contained fixes for two WebKit 0-days.

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. An anonymous researcher has been acknowledged for reporting the other two issues.

Apple has issued a bushel of security updates and warned that three of the flaws it's fixed are under active attack. The three are CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, all of which impact the WebKit browser engine that Apple champions and employs in its Safari browser - and demands be used by other browsers on iOS. CVE-2023-32409 means "A remote attacker may be able to break out of Web Content sandbox." Clément Lecigne of Google's Threat Analysis Group and Donncha Cearbhaill of Amnesty International's Security Lab found the flaw - who knew Amnesty did that?

Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads. Apple addressed the three zero-days in macOS Ventura 13.4, iOS and iPadOS 16.5, tvOS 16.5, watchOS 9.5, and Safari 16.5 with improved bounds checks, input validation, and memory management.

Apple has announced that it prevented over $2 billion in potentially fraudulent transactions and rejected roughly 1.7 million app submissions for privacy and security violations in 2022. A total of 6.1 million app submissions were reviewed.