Security News
Apple sent a threat notification to iPhone users in 92 countries on April 10 informing them that their device was "Being targeted by a mercenary spyware attack." The alert, sent at 12:00 p.m. Pacific Time, told recipients that the attackers were attempting to "Remotely compromise" their phone and that they were likely being targeted specifically "Because of who you are or what you do." Apple's notification did not identify the alleged attackers, nor did it specify the locations of its recipients. iPhone users who have received the mercenary spyware attack alert should enlist expert cybersecurity help, Apple stated on its dedicated support page.
Apple has been notifying iPhone users in 92 countries about a "Mercenary spyware attack" attempting to remotely compromise their device. "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-," reads the notification.
One thing that makes the service stand out is that it approaches the targets using the Rich Communication Services protocol for Google Messages and iMessage instead of SMS for sending phishing messages. "The Darcula platform has been used for numerous high-profile phishing attacks over the last year, including messages received on both Apple and Android devices in the UK, as well as package scams impersonating United States Postal Service highlighted in numerous posts on Reddit's /r/phishing." - Netcraft.
Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited. Affecting RTKit, Apple's real-time operating system that runs on various devices like AirPods, Apple Watch, and more, its description closely mirrors that of CVE-2024-23225.
Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. The company says it addressed the security flaws for devices running iOS 17.4, iPadOS 17.4, iOS 16.76, and iPad 16.7.6 with improved input validation.
Two Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth more than $3 million to Apple with the goal of having them replaced with genuine devices. Apple offers a one-year warranty for new iPhones, enabling customers to return malfunctioning devices to Apple or authorized resellers for a replacement.
Two Chinese nationals are facing a maximum of 20 years in prison after being convicted of mailing thousands of fake iPhones to Apple for repair in the hope they'd be replaced with new handsets. The Department of Justice says the pair submitted upwards of 5,000 "Inauthentic" iPhones to the tech giant "Intending to cause a loss of more than $3 million to Apple" between May 2017 and September 2019.
The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to...
CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks. Tracked as CVE-2022-48618 and discovered by Apple's security researchers, the bug was only disclosed on January 9th in an update to a security advisory published in December 2022.
Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking. "Apps should not attempt to surreptitiously build a user profile based on collected data and may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from Apple-provided APIs or any data that you say has been collected in an 'anonymized,' 'aggregated,' or otherwise non-identifiable way," reads a section of Apple App Store review guidelines.