Security News

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. CVE-2021-30661 - Processing maliciously crafted web content may lead to arbitrary code execution.

Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. In February, three iOS zero-days exploited in the wild were reported by anonymous researchers.

Apple has rolled out security updates to address dozens of iOS and macOS vulnerabilities, including a severe iOS bug dubbed WiFiDemon that could lead to denial of service or arbitrary code execution. The vulnerability, tracked as CVE-2021-30800 and a zero-day bug when security researcher Carl Schou publicly disclosed it, was fixed by Apple with the release of iOS 14.7 earlier this week.

iPhone users, drop what you're doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities - some of which are remotely exploitable - and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS. Unfortunately, you aren't getting a fix for the flaw that makes your iPhones easy prey for Pegasus spyware. A local attacker may be able to execute code on the Apple T2 Security Chip due to multiple logic issues in IOKit.

The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability, which came to light last month, stemmed from the way iOS handled string formats associated with the SSID input, triggering a crash on any up-to-date iPhone that connected to wireless access points with percent symbols in their names, such as "%p%s%s%s%s%n".

It's already nearly two months since Apple's last security update to iOS 14, which was back on 2021-05-24 when iOS 14.6 appeared. So we weren't surprised to see that another patch is out, officially listed [2021-07-19] as covering iOS, tvOS and watchOS. Annoyingly, there's no mention of iPadOS, which has typically been listed on the same line as its related iOS update in recent Apple security reports.

iPhones have been compromised by the NSO Group's Pegasus spyware. The findings indicated that the Pegasus spyware program sold by surveillance company NSO Group was able to infect iPhone 11 and iPhone 12 models through zero-click attacks in the iOS iMessage app.

The original DoS issue is a string-format bug discovered by researcher Carl Schou, who found that connecting to an access point with the SSID "%p%s%s%s%s%n" would disable a device's Wi-Fi. String-format problems occur when a program passes untrusted input as a format string, so that "%" followed by certain letters is interpreted as a format directive rather than as literal text: in this case, the "%" combined with various letters in the network name. "My iPhone permanently disabled it's [sic] Wi-Fi functionality," Schou wrote in his writeup, in June.

Security researchers investigating a bug that crashed the Wi-Fi service on iPhones found that it could be exploited for remote code execution without user interaction. When initially disclosed, the bug could disable an iPhone's Wi-Fi connection after trying to connect to a network with a name that included a special character.
S3 Ep41: Crashing iPhones, PrintNightmares, and Code Red memories [Podcast]

We explain how a format string bug could lock your iPhone out of your own network. We revisit the PrintNightmare saga, which is sort-of fixed but not really.