Security News
Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Today, Apple has released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to resolve two zero-day vulnerabilities that are reported to have been actively exploited.
The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. Attack chains involving Roaming Mantis, a financially motivated Chinese threat actor, are known to either deploy a banking trojan named MoqHao or redirect iPhone users to credential harvesting landing pages that mimic the iCloud login page.
Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." Lockdown Mode, when enabled, "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple said in a statement.
We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. This app in fact infected the device with RCS's spyware.
While pretty much no one is going to utilize the study's findings to attack Apple users in any meaningful way, and only the most high-profile targets may find themselves troubled by all this, it at least provides some insight into what exactly your iOS handheld is up to when it's seemingly off or asleep. According to the research, an Apple iPhone that goes to sleep in low-power mode or is turned off isn't necessarily protected against surveillance.
Researchers have demonstrated iPhone malware that works even when the phone is fully shut down. It turns out that the iPhone's Bluetooth chip - which is key to making features like Find My work - has no mechanism for digitally signing or even encrypting the firmware it runs.
Attackers can target iPhones even when they are turned off due to how Apple implements standalone wireless features Bluetooth, Near Field Communication and Ultra-wideband technologies in the device, researchers have found. These features - which have access to the iPhone's Secure Element, which stores sensitive info - stay on even when modern iPhones are powered down, a team of researchers from Germany's Technical University of Darmstadt discovered.
A first-of-its-kind security analysis of iOS Find My function has demonstrated a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." Current devices with Ultra-wideband support include iPhone 11, iPhone 12, and iPhone 13.
How to lock an iPad or iPhone into Single App Mode with Guided Access. Does your organization utilize iPad apps for kiosk-style uses, or have you ever needed to hand a device to someone else to use an app or enter information, but didn't want to give away access to everything that's on the device? Apple has a solution for these scenarios built into iOS and iPadOS called Guided Access.
Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on iPhones belonging to Catalan politicians, journalists, and activists. "Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.