Apple Archives - Cyber Security Minute

Apple Debuts Its Rapid Response Security Update Approach

Issued by: Dark Reading

Apple rolled out the first of its kind Rapid Security Response update — quick fixes automatically installed on iPhones, iPads, and iMacs in-between software updates. On May 1, devices with default settings were updated with iOS 16.4.1, iPadOS 16.4.1, or macOS Ventura 13.3.1, according to the company’s notice to users, which contained few details. Rapid…

Vulnerabilities

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

Issued by: Naked Security

Last week, we warned about the appearance of two critical zero-day bugs that were patched in the very latest versions of macOS (version 13, also known as Ventura), iOS (version 16), and iPadOS (version 16). Zero-days, as the name suggests, are security vulnerabilities that were found by attackers, and put to real-life use for cybercriminal…

Vulnerabilities

Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days

Issued by: SecurityWeek

The newest iOS 16.4.1 and iPadOS 16.4.1 updates cover code execution software flaws in IOSurfaceAccelerator and WebKit, suggesting a complex exploit chain was detected in the wild hitting the latest iPhone devices. “Apple is aware of a report that this issue may have been actively exploited,” Cupertino says in a barebones advisory that credits Google…

Mobile Security

Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads

Issued by: Security Affairs

On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones. The IT giant released security bulletins for iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1. Apple addressed the vulnerability with improved state handling for the iPhone 6s (all models),…

Software Security

Apple’s AirTag stalker safeguards are “woefully inadequate,” alleges lawsuit

Issued by: Malwarebytes

Two women filed a proposed class-action lawsuit on Monday, December 5, in the United States District Court for the Northern District of California against Apple, the makers of AirTags. Airtags are a small Bluetooth-enabled devices designed to track personal belongings. The suit accuses the company of failure to introduce measures to combat abuse of the…

Malware & Threats

Newsroom Sues NSO Group for Pegasus Spyware Compromise

Issued by: Dark Reading

Nearly two dozen journalists and other staffers working for El Faro, a digital newspaper based in El Salvador, are suing NSO Group for unleashing Pegasus spyware — malware they say was used to steal their most sensitive information, putting their safety in danger. Along with ASO Group Technologies, its Israeli parent company, Q Cyber Technologies…

Mobile Security

Fast Company hacked to send obscene and racist messages

Issued by: Malwarebytes

Yesterday, Apple News announced it had disabled the channel of Fast Company, a US-based business magazine, after surprised Twitter users reported it was tweeting offensive comments. Fast Company was hacked on Sunday, September 25. The attacker responsible modified article titles to obscene and racist things: “Hacked by Vinny Troia. [redacted] tongue my [redacted]”, one title…

Malware & Threats

MacOS Bug Could Let Malicious Code Break Out of Application Sandbox

Issued by: Dark Reading

Microsoft has revealed a now-fixed flaw in Apple’s macOS that allowed specific kinds of code to bypass the operating system’s App Sandbox restrictions on third-party applications, potentially allowing attackers to escalate device privileges and install additional malicious payloads. Microsoft shares credit for the find (CVE-2022-26706) with researcher Arsenii Kostromin, the company said in its announcement,…

Mobile Security

Apple Debuts Spyware Protection for State-Sponsored Cyberattacks

Issued by: Dark Reading

Apple today announced a new feature called Lockdown Mode that automatically locks down any system functionality that could be hijacked by even the most sophisticated, state-sponsored mercenary spyware to compromise a user device. While Apple acknowledged in its statement announcing the initiative that the number of users who might need Lockdown Mode is small, protecting…

Mobile Security, Software Security

Apple Announces New Security Update Feature in iOS 16, macOS Ventura

Issued by: Security Week

The new feature, named Rapid Security Response, will become available in the upcoming iOS 16 and macOS Ventura, both scheduled for release in late 2022. According to Apple, important security updates will be delivered to iPhones and Macs in between standard software updates. In addition, they can be applied automatically and they do not require…