Apple Archives - Page 3 of 8 - Cyber Security Minute

Fast Company hacked to send obscene and racist messages

Issued by: Malwarebytes

Yesterday, Apple News announced it had disabled the channel of Fast Company, a US-based business magazine, after surprised Twitter users reported it was tweeting offensive comments. Fast Company was hacked on Sunday, September 25. The attacker responsible modified article titles to obscene and racist things: “Hacked by Vinny Troia. [redacted] tongue my [redacted]”, one title…

Malware & Threats

MacOS Bug Could Let Malicious Code Break Out of Application Sandbox

Issued by: Dark Reading

Microsoft has revealed a now-fixed flaw in Apple’s macOS that allowed specific kinds of code to bypass the operating system’s App Sandbox restrictions on third-party applications, potentially allowing attackers to escalate device privileges and install additional malicious payloads. Microsoft shares credit for the find (CVE-2022-26706) with researcher Arsenii Kostromin, the company said in its announcement,…

Mobile Security

Apple Debuts Spyware Protection for State-Sponsored Cyberattacks

Issued by: Dark Reading

Apple today announced a new feature called Lockdown Mode that automatically locks down any system functionality that could be hijacked by even the most sophisticated, state-sponsored mercenary spyware to compromise a user device. While Apple acknowledged in its statement announcing the initiative that the number of users who might need Lockdown Mode is small, protecting…

Mobile Security, Software Security

Apple Announces New Security Update Feature in iOS 16, macOS Ventura

Issued by: Security Week

The new feature, named Rapid Security Response, will become available in the upcoming iOS 16 and macOS Ventura, both scheduled for release in late 2022. According to Apple, important security updates will be delivered to iPhones and Macs in between standard software updates. In addition, they can be applied automatically and they do not require…

Vulnerabilities

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Issued by: Dark Reading

Sometimes all it takes to root out a new software vulnerability is to study and analyze previous bug reports. That’s how researcher Csaba Fitzl says he sniffed out some new Apple macOS vulnerabilities, one of which was a mirror image of a logic flaw that a group of researchers competing in the 2020 Pwn2Own contest…

Vulnerabilities

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)

Issued by: Help Net Security

Another month, another zero-day (CVE-2022-22620) exploited in the wild that has been fixed by Apple. About CVE-2022-22620 CVE-2022-22620 is a use after free issue in WebKit, the browser engine used in Safari and all iOS web browsers. Apple fixed it in iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3. “Processing maliciously crafted…

Vulnerabilities

Mac Malware-Dropping Adware Gets More Dangerous

Issued by: Dark Reading

The latest version of a Mac Trojan called UpdateAgent, aka WizardUpdate, provides fresh evidence of the growing effort that some threat actors are putting into targeting Apple technologies. The malware, which impersonates legitimate software, such as support agents and video software, first surfaced in September 2020. It is commonly distributed via drive-by downloads or pop-ups…

Mobile Security

Apple Patches iOS HomeKit Flaw After Researcher Warning

Issued by: Security Week

The iOS 15.2.1 patch, available for all supported iPhones and iPads, is described simply as a “resource exhaustion issue” that causes the device to hang when processing maliciously crafted HomeKit accessory names. The sudden appearance of the patch comes almost two weeks after researcher Trevor Spiniolas publicly documented the HomeKit bug and warned that it…

Vulnerabilities

Corellium Lands $25 Million Investment for Virtualization Tech

Issued by: Security Week

Corellium, a Florida-based company with its roots in the iPhone jailbreaking community, said the $25 million Series A also included investments from Cisco investments and other strategic investors. Corellium LogoThe money comes exactly a year after a federal judge dismissed Apple’s copyright lawsuit against Corellium and the two sides reached a settlement on another matter…

Vulnerabilities

Shrootless: macOS Vulnerability Found by Microsoft Allows Rootkit Installation

Issued by: Security Week

Tracked as CVE-2021-30892 and named “Shrootless” by Microsoft, the vulnerability exists in the method used to install Apple-signed packages with post-install scripts. To successfully exploit the vulnerability, an attacker needs to create a specially crafted file that would allow them to hijack the installation process of said packages. Apple introduced SIP in macOS Yosemite to…