Security News

In an effort to prevent attacks from being launched via its iMessage feature, Apple has debuted a security service called BlastDoor in iOS 14, its current mobile operating system version. The service comes on the heels of a recently uncovered iMessage zero-click exploit, which was being leveraged in an espionage attack against Al Jazeera journalists and executives.

Apple CEO Tim Cook fired off a series of thinly veiled shots at Facebook and other social media companies Thursday, escalating an online privacy battle pitting the iPhone maker against digital services that depend on tracking people to help sell ads. Cook's broadside came as Apple prepares to roll out a new privacy control in the early spring to prevent iPhone apps from secretly shadowing people.

Apple has quietly added several anti-exploit mitigations into its flagship mobile operating system in what appears to be a specific response to zero-click iMessage attacks observed in the wild. The new mitigations were discovered by Samuel Groß, a Google Project Zero security researcher who specializes in remote iPhone exploitation and zero-click attacks against mobile messaging systems.

Apple says it will roll out a new privacy control in the spring to prevent iPhone apps from secretly shadowing people. Although Apple didn't provide a specific date, the general timetable disclosed Thursday means a long-awaited feature known as App Tracking Transparency will be part of an iPhone software update likely to arrive in late March or some point in April.

Apple, rather unusually in today's cybersecurity world, rarely announces that security fixes are on the way. Apple doesn't disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available.

Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs are part of a security update released Tuesday for iOS 14.4 and iPadOS 14.4.

Apple has release a new batch of security updates and has fixed three iOS zero-days that "May have been actively exploited" by attackers. Two of the zero-day vulnerabilities are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running a vulnerable version of iOS or iPadOS. The third zero-day affects the operating systems' kernel.

Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. The iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.

Apple today released software updates to patch vulnerabilities in iPhones and iPads that may have been exploited by miscreants to silently snoop on victims from afar. Apple said it is "Aware of a report that this issue may have been actively exploited." How would one inject malicious code into a device? Look no further than.... CVE-2021-1871, CVE-2021-1870: Also fixed in iOS 14.4 and iPadOS 14.4, a logic bug in WebKit that can be exploited by a malicious webpage - opened in, say, Safari - to execute arbitrary code.

Apple on Tuesday dropped emergency security patches for its flagship iOS and iPad OS platforms alongside a warning that hackers may already be exploiting three different security vulnerabilities. Apple has promised additional details will be available soon.