Security News

Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks. The first zero-day is a privilege escalation vulnerability caused by a weakness in the XNU kernel that can let local attackers elevate privileges on vulnerable iPhones and iPads.

Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users. The zero-day is caused by a weakness discovered in the XNU kernel that enables local attackers to escalate privileges on unpatched iPhones and iPads.

Surprises often arise when connecting two iPhones to the same Apple ID. Addressing several key settings helps avoid common mistakes. Although connecting two iPhones to the same Apple ID has its advantages - including expanding your or a partner's access to your documents, spreadsheets and presentations - unpleasant surprises can arise such as unintentionally revealing contact and calendar information and mistakenly sending texts from the wrong number.

Apple has emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. We've just learned today that the Predator spyware sold by Intellexa used these vulnerabilities to infect at least one target's iPhone.

Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities exploited "Against versions of iOS before iOS 16.7.". Earlier this month, Apple closed two zero-day vulnerabilities that have been chained together by attackers to deliver NSO Group's Pegasus spyware.

The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The Washington Post reported that the Russian government is not a client of NSO Group, citing an unnamed person familiar with the company's operations.

The Agence Nationale des Fréquences has asked Apple to withdraw iPhone 12 smartphones from the French market because the device emits radiofrequency energy that is beyond the limit permitted to be absorbed by the human body. ANFR says it recently conducted measurements on 141 phones available on the French market by contracting an accredited laboratory, where it found that iPhone 12's SAR value for limbs is 5.74 W/kg, exceeding the 4.0 W/kg limit by 43.5%. As such, the agency demands that Apple withdraws all iPhone 12 devices from the French market and takes the required action to make them compliant with European regulations.

Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachments containing malicious images.

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware. Apple released fixes for the two flaws with macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2, and CISA published an alert requiring federal agencies to patch by October 2, 2023.

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware. Apple released fixes for the two flaws with macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2, and CISA published an alert requiring federal agencies to patch by October 2, 2023.