Security News

In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. In October, Apple fixed a zero-day in the iOS Kernel.

It's just under a month since iOS 16.1.1 came out for Apple iPhone users, fixing a pair of bugs that were listed with the worrying words "a remote user may be able to cause unexpected app termination or arbitrary code execution". Now, there's another security update, apparently moving iPhone users only up to version iOS 16.1.2.

Over 280 Android and iOS apps on the Google Play and the Apple App stores trapped users in loan schemes with misleading terms and employed various methods to extort and harass borrowers. [...]

Microsoft announced that the Mobile Network Protection feature is generally available to help organizations detect network weaknesses affecting Android and iOS devices running Microsoft's Defender for Endpoint enterprise endpoint security platform.Once Mobile Network Protection is toggled, MDE will provide protection and alerts when rogue Wi-Fi-related threats and certificates are detected.

According to a new report, almost half of Android-based mobile phones used by U.S. state and local government employees are running outdated versions of the operating system, exposing them to hundreds of vulnerabilities that can be leveraged for attacks. The report additionally warns of a rise in all threat metrics, including attempted phishing attacks against government employees, reliance on unmanaged mobile devices, and liability points in mission-critical networks.

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "An app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements.

The "Clear-and-present danger" prize goes to iOS and iPadOS, which get updated to version 16.1 and 16 respectively, where one of the listed security vulnerabilites allows kernel code execution from any app, and is already actively being exploited. As you might have assumed, given that the release of Ventura takes macOS to version 13, three-versions-ago macOS 10 Catalina doesn't appear in the list this time.

For the ninth time this year, Apple has released fixes for a zero-day vulnerability exploited by attackers to compromise iPhones. CVE-2022-42827 is an out-of-bounds write issue in the iOS and iPadOS kernel, which can be exploited to allow a malicious application to execute arbitrary code with kernel privileges.

Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The iPhone maker said it addressed the bug with improved bounds checking, while crediting an anonymous researcher for reporting the vulnerability.

We use Apple's Mail app all day, every day for handling work and personal email, including a plentiful supply of very welcome Naked Security comments, questions, article ideas, typo reports, podcast suggestions and much more. We've always found the Mail app to be a very useful workhorse that suits us well: it's not especially fancy; it's not full of features we never use; it's visually simple; and, it's been doggedly reliable.