Security News

The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device. Apple did not say who might be involved in the exploitation of this bug.

Apple on Monday released a major security update with fixes for a security defect the company says "May have been actively exploited" to plant malware on macOS and iOS devices. Instead, a line in Apple advisory simply reads: "Apple is aware of a report that this issue may have been actively exploited."

Apple has released security updates for macOS Big Sur, Catalina and Mojave, as well as iOS and iPadOS. There is no indication that Apple has fixed any vulnerabilities that may be exploited to deliver NSO Group's Pegasus spyware via "Zero-click" iMessage attacks. MacOS Big Sur comes with fixes for a multitude of security issues.

Tens of Vulnerabilities Patched by Apple in macOS and iOS. Apple this week started rolling out security updates for iOS, macOS, iPadOS, watchOS, tvOS, and Safari, to address tens of vulnerabilities, including some that could result in arbitrary code execution. A total of 37 security holes were resolved with the release of iOS 14.7 and iPadOS 14.7, including a recently detailed bug that attackers could exploit to crash the Wi-Fi functionality of vulnerable devices.

The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any up-to-date iPhone that connected to wireless access points with percent symbols in their names such as "%p%s%s%s%s%n.

Apple in early 2021 quietly patched an iOS vulnerability that could lead to remote code execution when connecting to a Wi-Fi access point that had a specially crafted SSID. The issue was initially brought to light last month, when reverse engineer Carl Schou discovered that the Wi-Fi functionality on his iPhone would completely crash when connecting to a hotspot that had the SSID "%p%s%s%s%s%n. The issue, which impacts all iOS devices running iOS 14.0 to 14.6, was deemed to be a format string bug, where iOS is considering the characters that follow "%" as string-format specifiers, meaning that they are processed as commands, rather than text.

Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple's latest iOS release, hacked using zero-day zero-click iMessage exploits. Citizen Lab was able to independently observe NSO Pegasus spyware deployed on an iPhone 12 Pro Max running iOS 14.6, hacked via a zero-day zero-click iMessage exploit, which does not require interaction from the target.

Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks.

Using iCloud Private Relay in iOS 15, you can easily obscure your internet traffic and ensure that network providers cannot spy on your activity. With any paid iCloud plan in iOS 15, you will get access to a new service called iCloud Private Relay, which routes your web traffic in Safari anonymously through Apple's relay service, obscuring your location and IP address.

Google Chrome for iOS now allows you to lock your incognito tabs behind Face ID so other people can't snoop on what sites you are visiting. Google Chrome's incognito mode is commonly used to visit sensitive sites that people do not want to appear in the browser history or for cookies to be saved.