Security News

Apple has release a new batch of security updates and has fixed three iOS zero-days that "May have been actively exploited" by attackers. Two of the zero-day vulnerabilities are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running a vulnerable version of iOS or iPadOS. The third zero-day affects the operating systems' kernel.

Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. The iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.

Apple today released software updates to patch vulnerabilities in iPhones and iPads that may have been exploited by miscreants to silently snoop on victims from afar. Apple said it is "Aware of a report that this issue may have been actively exploited." How would one inject malicious code into a device? Look no further than.... CVE-2021-1871, CVE-2021-1870: Also fixed in iOS 14.4 and iPadOS 14.4, a logic bug in WebKit that can be exploited by a malicious webpage - opened in, say, Safari - to execute arbitrary code.

Apple on Tuesday dropped emergency security patches for its flagship iOS and iPad OS platforms alongside a warning that hackers may already be exploiting three different security vulnerabilities. Apple has promised additional details will be available soon.

A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection. Dubbed LuckyBoy, the multi-stage, tag-based campaign is focused on iOS, Android, and Xbox users.

A recently uncovered zer0-click Apple zero-day flaw, used in a spyware campaign against Al Jazeera journalists, shed light this week on the impact of Apple security issues being abused by bad actors. In 2020, the security research community saw an array of "Powerful" Apple bugs afflicting iOS, iPhone and more - and at the same time, cybercriminals stepped up their game, with new attacks leveraging legitimate Apple functionalities, said Patrick Wardle, principal security researcher with Jamf.

New spyware is targeting iOS and Android frequenters of adult mobile sites by posing as a secure messaging application in yet another twist on sextortionist scams. The spyware, dubbed Goontact, targets users of escort-service sites and other sex-oriented services - particularly in Chinese-speaking countries, Korea and Japan, according to research published by Lookout Threat Intelligence on Wednesday.

An extortion campaign targeting Chinese, Korean, and Japanese speakers recently started using a new piece of spyware, mobile security firm Lookout reported on Wednesday. The campaign is focused on infecting iOS and Android of illicit sites, such as those offering escort services, in order to steal personal information, likely with the intent to blackmail or extort victims.

Apple on Monday released a major point-upgrade to its flagship iOS and iPadOS mobile operating systems to patch a handful of serious security vulnerabilities. The iOS 14.3 and iPadOS 14.3 release will provide cover for 11 documented security flaws, some serious enough to expose iPhones and iPads to code execution attacks.

Google Project Zero has disclosed the details of an iOS exploit that allows an attacker to hack iPhones remotely over Wi-Fi and steal sensitive data, without any user interaction. According to Beer, the exploit leverages a single memory corruption vulnerability that can be used against an iPhone 11 Pro device to bypass mitigations and achieve native code execution and kernel memory reading and writing.