Security News

Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821, the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution.

Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely access Redis instances running in NOSi Docker containers. The IOS XR Network OS is deployed on multiple Cisco router platforms, including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.

While pretty much no one is going to utilize the study's findings to attack Apple users in any meaningful way, and only the most high-profile targets may find themselves troubled by all this, it at least provides some insight into what exactly your iOS handheld is up to when it's seemingly off or asleep. According to the research, an Apple iPhone that goes asleep into low-power mode or is turned off isn't necessarily protected against surveillance.

Securing your internet access can mean many things, but we like to think of it as a two-fold approach for both on-device data and network data once your web request has left your device. We'll take a look at how to secure your data on the device and how to protect your data that ISPs might see through iCloud Private Relay and VPNs. How to secure on-device network activity.

Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs - a vulnerability affecting both macOS and iOS tracked as CVE-2022-22675 and a macOS flaw tracked as CVE-2022-22674.

Apple has released updates for its mobile and desktop operating systems to patch security holes that may well have been exploited in the wild. On Thursday, the iPhone giant issued macOS Monterey 12.3.1; iOS 15.4.1 and iPadOS 15.4.1; tvOS 15.4.1; and watchOS 8.5.1 to address vulnerabilities in its software.

How to use AutoFill Passwords in iOS. Starting in iOS 12, Apple began allowing third-party password managers the ability to integrate directly with the operating system to offer up passwords to autofill for users in Safari and supported third-party apps. The majority of password managers that support iOS will implement the Apple Password API, which is a built-in iOS API that Apple provides to ensure a streamlined process when auto-filling passwords throughout the system in Safari and third-party apps.

Mobile security company Zimperium has released its annual mobile threat report where security trends and discoveries in the year that passed lay the groundwork for predicting what's coming in 2022. In 2021, actors focused more on remote workforce or on-premise mobile devices, leading to increased malicious network scans and man-in-the-middle attacks.

How to add notes to iCloud passwords in macOS 12.3 and iOS 15.4. Now, with iOS 15.4 and macOS 12.3, Apple has added another feature to iCloud Keychain: Notes.

iOS users: Patch now to avoid falling prey to this WebKit vulnerability. iOS users may have noticed an unexpected software update on their devices yesterday, and Apple is urging everyone to install that update immediately to avoid falling prey to a use-after-free vulnerability that could allow an attacker to execute arbitrary code on a victim's device.