Security News
Apple has issued critical security patches for all supported phones, fondleslabs, and watches after being alerted to multiple possible intrusions by Google. According to Apple, the flaw allows for the creation of "Maliciously crafted web content," which "May lead to universal cross-site scripting." Apple has heard that the code snafu "May have been actively exploited."
Apple has just pushed out an emergency "One-bug" security update for its mobile devices, including iPhones, iPads and Apple Watches. Just like the last emergency Apple patch, this vulnerability affects WebKit, Apple's core web browser code.
Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Apple has credited Clement Lecigne and Billy Leonard of Google's Threat Analysis Group for discovering and reporting the issue.
Apple has shipped an urgent security update to fix a major security flaw affecting iPhone, iPad and Apple Watch devices alongside a warning that the vulnerability is being actively exploited in the wild. The new iOS 14.4.2 was released on Friday with yet another band-aid for Apple's flagship iOS platform and the company said it was "Aware of reports that an exploit for this issue exists in the wild."
Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. The zero-days were addressed by Apple earlier today by improving the management of object lifetimes in iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3.
Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. The zero-days were addressed by Apple earlier today by improving the management of object lifetimes in iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3.
In a blog post filled with a passionate defense of human rights and internet privacy, Andy Yen, the CEO of secure internet provider ProtonVPN, blasted Apple for blocking its latest update and accused the tech juggernaut of helping the global spread of authoritarianism by "Giving in to tyrants." In the days following a Feb. 1 military coup that seized control of the Myanmar government, signups for ProtonVPN encrypted internet services exploded by 250 times over the previous average daily rate, Yen said.
Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed "XcodeSpy," the trojanized Xcode project is a tainted version of a legitimate, open-source project available on GitHub called TabBarInteraction that's used by developers to animate iOS tab bars based on user interaction.
ElcomSoft updates iOS Forensic Toolkit, the company's mobile forensic tool for extracting data from a range of Apple devices. Version 7.0 expands the ability to perform full file system extraction without the need to install a jailbreak, adding support for recent versions of iOS including iOS 14 through 14.3 on all devices including the current iPhone 12 range.
Cybercriminals are targeting Apple developers with a trojanized Xcode project, which once launched installs a backdoor that has spying and data exfiltration capabilities. Xcode is comprised of a suite of free, open software development tools developed by Apple for creating software for macOS, iOS, iPadOS, watchOS and tvOS. Thus, any apps built on top of the project automatically include the malicious code.