Security News

Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild. Both the vulnerabilities have been reported to Apple anonymously.

Here on Naked Security, we've been lamenting the mysterious nature of Apple's security updates for ages. In the sudo bug case, Apple did eventually come to the party, and updated its own products in September.

Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. Successful exploitation of this bug allows attackers to execute arbitrary code on iPhones and iPads running vulnerable versions of iOS and iPadOS after processing maliciously crafted web content.

Apple has released security updates to address a persistent denial of service dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later. Apple has addressed this severe resource exhaustion issue in iOS 15.2.1 and iPadOS 15.2.1 by adding improved input validation which no longer allows attackers to disable vulnerable devices.

Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent denial-of-service issue affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its release notes for iOS and iPadOS 15.2.1, termed it as a "Resource exhaustion issue" that could be triggered when processing a maliciously crafted HomeKit accessory name, adding it addressed the bug with improved validation.

CVE-2021-30663 - Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-30665 - Processing maliciously crafted web content may lead to arbitrary code execution.

You can tell iOS and iPadOS apps not to track your activity. After you've been running the latest update on your iPhone or iPad, start opening different apps as you normally would.

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. CVE-2021-30661 - Processing maliciously crafted web content may lead to arbitrary code execution.

Microsoft has added support for detecting jailbroken iOS devices to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus. The new detection capability now available in the enterprise endpoint security platform will warn security teams of both managed and unmanaged jailbroken iPhones and iPads on their network.

The REvil ransomware gang has mysteriously removed Apple's schematics from their data leak site after privately warning Quanta that they would leak drawings for the new iPad and new Apple logos. Earlier this month, the ransomware gang conducted an attack on Quanta, a Taiwan-based original design manufacturer that helps manufacture the Apple Watch, Apple Macbook Air, and the Apple Macbook Pro.