Security News

Apple users urged to install latest updates to combat hacking
2022-08-19 16:21

iPhone, iPad, Mac and Safari users are being advised to apply the latest updates to fix security holes that could be used to gain control of a device.

Two years on, Apple iOS VPNs still leak IP addresses
2022-08-19 07:37

Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there's no sign of a fix. Earlier this year, Michael Horowitz, a veteran software developer and consultant, revisited the situation and found that VPNs on iOS are still vulnerable and leaking data.

Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities
2022-08-19 04:56

Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. CVE-2022-32894: an out-of-bounds issue in the operating system's kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges.

Apple releases Safari 15.6.1 to fix zero-day bug used in attacks
2022-08-18 19:49

Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs. "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," warns Apple in a security bulletin released today.

Apple patches double zero-day in browser and kernel – update now!
2022-08-18 19:33

Apple just pushed out an emergency update for two zero-day bugs that are apparently actively being exploited. There's a remote code execution hole dubbed CVE-2022-32893 in Apple's browser and HTML rendering software, by means of which a booby-trapped web page can trick iPhones, iPads and Macs into running unauthorised and untrusted software code.

Apple fixes exploited zero-days: Update your devices! (CVE-2022-32894, CVE-2022-32893)
2022-08-18 09:50

Apple has released security updates for iOS, iPadOS, and macOS Monterey to fix CVE-2022-32894 and CVE-2022-32893, two code execution vulnerabilities exploited by attackers in the wild. CVE-2022-32894 is an out-of-bounds write issue in the operating systems' kernel that can be exploited by a malicious application to execute arbitrary code with kernel privileges.

Google, Apple squash exploitable browser bugs
2022-08-17 22:47

Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild. This is the fifth Chrome bug Google has fixed this year that has either been exploited or had exploit code in the wild.

Apple security updates fix 2 zero-days used to hack iPhones, Macs
2022-08-17 22:35

Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Today, Apple has released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to resolve two zero-day vulnerabilities that are reported to have been actively exploited.

Apple network traffic takes mysterious detour through Russia
2022-07-27 18:56

Apple's internet traffic took an unwelcome detour through Russian networking equipment for about twelve hours between July 26 and July 27. In a write-up for MANRS, a public interest group that looks after internet routing, Internet Society senior internet technology manager Aftab Siddiqui said that Russia's Rostelecom started announcing routes for part of Apple's network on Tuesday, a practice referred to as BGP hijacking.

Apple’s Lockdown Mode
2022-07-26 12:57

I haven't written about Apple's Lockdown Mode yet, mostly because I haven't delved into the details. Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware.