Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities

By Ravie Lakshmanan — August 18^th 2022 at 03:08

Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893 - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894 - An

Naked Security

Apple patches double zero-day in browser and kernel – update now!

By Paul Ducklin — August 17^th 2022 at 23:33

Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

The Hacker News

North Korea Hackers Spotted Targeting Job Seekers with macOS Malware

By Ravie Lakshmanan — August 17^th 2022 at 06:20

The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into

Naked Security

Zoom for Mac patches critical bug – update now!

By Paul Ducklin — August 15^th 2022 at 18:26

There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...

Naked Security

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

By Paul Ducklin — July 21^st 2022 at 12:38

One vendor's zero-day is another vendor's routine patch...

The Hacker News

Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities

By Ravie Lakshmanan — July 21^st 2022 at 06:40

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).  Chief among them is CVE-2022-

The Hacker News

Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users

By Ravie Lakshmanan — July 19^th 2022 at 11:50

Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system. The malware, codenamed CloudMensis by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage services such as pCloud, Yandex Disk, and Dropbox for receiving attacker commands and exfiltrating files. "Its capabilities clearly show that the

The Hacker News

Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware

By Ravie Lakshmanan — July 7^th 2022 at 08:23

Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies

The Hacker News

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild

By Ravie Lakshmanan — June 20^th 2022 at 10:10

A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 (CVSS score: 8.8), concerns a case of a use-after-free vulnerability in the WebKit component that could be exploited by a piece of specially crafted web content to

The Hacker News

Apple's New Feature Will Install Security Updates Automatically Without Full OS Update

By Ravie Lakshmanan — June 7^th 2022 at 06:34

Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a

Naked Security