Security News

Today is Microsoft's April 2023 Patch Tuesday, and security updates fix one actively exploited zero-day vulnerability and a total of 97 flaws. This count does not include seventeen Microsoft Edge vulnerabilities fixed on April 6th. One zero-day fixed.

Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities in macOS, iOS and iPadOS. Reported by researchers Clément Lecigne of Google's Threat Analysis Group and Donncha Cearbhaill, the head of Amnesty International's Security Lab, the vulnerabilities have been exploited in tandem to achieve full device compromise - with the likely goal to install spyware on target devices. CVE-2023-28206 is an out-of-bounds write issue in IOSurfaceAccelerator that can be exploited by a malicious app to execute arbitrary code with kernel privileges.

Apple rolled out patches on Good Friday to its iOS, iPadOS, and macOS operating systems and the Safari web browser to address vulnerabilities found by Google and Amnesty International that were exploited in the wild. The updates are to iOS 16.4.1, iPadOS 16.4.1, Safari 16.4.1, and macOS 13.3.1.

Simply put, there were zero days during which even the most proactive and cybersecurity conscious users amongst us could have been patched in advance of the crooks. Just to be clear: the Apple Safari browser uses WebKit for "Processing web content" on all Apple devices, although third-party browsers such as Firefox, Edge and Chromium don't use WebKit on Mac.

Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. The second zero-day is a WebKit use after free that can let threat actors execute malicious code on compromised iPhones, Macs, or iPads after tricking their targets into loading malicious web pages.

Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild. Apple said it addressed CVE-2023-28205 with improved memory management and the second with better input validation, adding it's aware the bugs "May have been actively exploited."

Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. Last week, Google TAG and Amnesty International exposed two recent series of attacks using exploit chains of Android, iOS, and Chrome zero-day and n-day flaws to deploy mercenary spyware.

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group has revealed. Upon clicking, the URLs redirected the recipients to web pages hosting exploits for Android or iOS, before they were redirected again to legitimate news or shipment-tracking websites.

Google's Threat Analysis Group discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices. The attackers targeted iOS and Android users with separate exploit chains as part of a first campaign spotted in November 2022.

Apple's latest update blast is out, including an extensive range of security patches for all devices that Apple offcially supports. There are fixes for iOS, iPadOS, tvOS and watchOS, along with patches for all three supported flavours of macOS, and even a special update to the firmware in Apple's super-cool external Studio Display monitor.