Security News

Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet with express mode enabled. Apple Pay solved the problem with Express Transit, a feature that allows a transaction to go through without unlocking the device.

Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. The zero-day patched today [1, 2] was found in the XNU operating system kernel and was reported by Erye Hernandez and Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero.

Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. Based on the info shared by Apple in today's security advisories [1, 2] at least one of the bugs was likely used to deploy NSO Pegasus spyware on hacked devices.

The trio's checkm8 reimplementation (Seetal Potluri was the third researcher), which brings with it a range of claimed improvements, is dubbed openc8, and is applicable to a range of iPhone models all the way up to the iPhone X - though the research paper focuses on its use in the iTimed toolkit to audit and attack the Apple A10 Fusion chip inside an iPhone 7.

Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. The CVE-2021-30860 CoreGraphics vulnerability is an integer overflow bug discovered by Citizen Lab that allows threat actors to create malicious PDF documents that execute commands when opened in iOS and macOS. CVE-2021-30858 is a WebKit use-after-free vulnerability allowing hackers to create maliciously crafted web pages that execute commands when visited on iPhones and macOS. Apple states that this vulnerability was disclosed anonymously.

You can tell iOS and iPadOS apps not to track your activity. After you've been running the latest update on your iPhone or iPad, start opening different apps as you normally would.

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they don't require the victim to do anything, like click on a link or open a file.

Apple has announced a new free-of-charge service program for iPhone 12 and iPhone 12 Pro devices experiencing sound issues caused by a receiver module component. "Apple has determined that a very small percentage of iPhone 12 and iPhone 12 Pro devices may experience sound issues due to a component that might fail on the receiver module," the company said in a new support document.

A previously undisclosed "Zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad, three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq," researchers from University of Toronto's Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain.
