Security News

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)
2024-01-23 11:35

Apple has fixed an actively exploited zero-day vulnerability that affects Macs, iPhones, iPads and AppleTVs. CVE-2024-23222 is a type confusion issue that affects WebKit - Apple's browser engine used in the Safari web browser and all iOS and iPadOS web browsers.

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now
2024-01-23 01:30

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as...

Apple fixes first zero-day bug exploited in attacks this year
2024-01-22 19:20

Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that attackers could exploit to gain code execution on targeted devices. "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited," Apple said today.

Attackers Could Eavesdrop on AI Conversations on Apple, AMD, Imagination and Qualcomm GPUs
2024-01-18 19:00

Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the vulnerability-which the researchers named LeftoverLocals-can access conversations performed with large language models and machine learning models on affected GPUs.

Attackers Could Eavesdrop on AI Conversations on Apple, AMD, Imagination and Qualcomm GPUs
2024-01-18 19:00

Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the vulnerability-which the researchers named LeftoverLocals-can access conversations performed with large language models and machine learning models on affected GPUs.

Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats
2024-01-17 23:21

Research made public on Tuesday detailed how miscreants can exploit the hole to read data they're not supposed to in a system's local GPU memory. While the flaw potentially affects all GPU applications on vulnerable chips, it is especially concerning for those processing machine-learning applications because of the amount of data these models process using GPUs, and therefore the amount of potentially sensitive information that could be swiped by exploiting this issue.

AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks
2024-01-17 15:32

A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. [...]

China loathes AirDrop so much it's publicized an old flaw in Apple's P2P protocol
2024-01-15 02:58

Protestors reportedly used AirDrop to share anti-government material during China's long and strict COVID-19 lockdowns. Which is why Chinese authorities last week admitted that the use of AirDrop is considered problematic after police previously found inappropriate material being shared on the Beijing subway using the protocol.

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe , D-Link, Joomla Under Attack
2024-01-10 04:50

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This...

China claims it cracked Apple's AirDrop to find numbers, email addresses
2024-01-09 21:46

A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. China has a long history of censoring its people, requesting Apple block access to mobile apps, blocking encrypted messaging apps, such as Signal, and creating the Great Firewall of China to control what sites can be visited in the country.