Apple Archives - Cyber Security Minute

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

Issued by: The Hacker News

Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below – CVE-2024-23225 – A memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections CVE-2024-23296…

Malware & Threats

MacOS Malware Targets Bitcoin, Exodus Cryptowallets

Issued by: Dark Reading

Fresh malware targeting Apple users in the US and Germany is infecting Bitcoin and Exodus cryptowallet applications with a Trojan distributed through pirated software, according to Kaspersky researchers. The malware is delivered via cracked applications and can replace Exodus and Bitcoin cryptowallet applications installed on the user’s machine with infected versions that steal secret recovery…

Vulnerabilities

Apple fixed actively exploited zero-day CVE-2024-23222

Issued by: Security Affairs

Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year. The vulnerability is a type confusion issue that resides in the WebKit, an attacker can exploit this issue by tricking the victims…

Vulnerabilities

Popular GPUs Used AI Systems Vulnerable to Memory Leak Flaw

Issued by: DataBreach Today

Researchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. The flaw, dubbed LeftoverLocals, affects the GPU frameworks of Apple, AMD and Qualcomm devices. Researchers at security firm Trail of Bits, who uncovered the flaw, said it stems from how the affected…

Malware & Threats

North Korea Debuts ‘SpectralBlur’ Malware Amid macOS Onslaught

Issued by: Dark Reading

The prolific North Korean state-backed threat actor known as TA444 is back with shiny new malware for targeting macOS users, dubbed “SpectralBlur.” The custom tool is the latest in a string of proprietary malware that the advanced persistent threat (APT) group has been consistently generating — a trait that sets it apart from other DPRK-sponsored…

Application Security, Mobile Security

Apple Ships iOS 17.2 With Urgent Security Patches

Issued by: SecurityWeek

The newest iOS 17.2 and iPadOS 17.2 contains fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes. According to an advisory from Cupertino’s security response team, the most serious issue is a memory corruption in ImageIO that may lead to arbitrary code execution…

Malware & Threats

Expert warns of Turtle macOS ransomware

Issued by: Security Affairs

The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat. However, the malicious code was generally detected as “Other:Malware-gen”, “Trojan.Generic”, or…

Vulnerabilities

Apple addressed 2 new iOS zero-day vulnerabilities

Issued by: Security Affairs

Apple released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. The flaws are actively exploited in attacks in the wild, both issues reside in the WebKit browser engine. The first vulnerability, tracked as CVE-2023-42916, is an out-of-bounds read. An attacker can trick a victim into visiting specially crafted web…

Application Security

Safari Side-Channel Attack Enables Browser Theft

Issued by: Dark Reading

Researchers have developed a side-channel exploit for Apple CPUs, enabling sophisticated attackers to extract sensitive information from browsers. Side-channel attacks are usually overlooked, often physical counterparts to traditional software hacks. Rather than an unsecured password or a vulnerability in a program, they take advantage of the extra information a computer system or hardware generates —…

Mobile Security

Apple releases iOS 16 update to fix CVE-2023-42824 on older devices

Issued by: Security Affairs

Apple has released iOS 16.7.1 and iPadOS 16.7.1 to address the recently disclosed zero-day CVE-2023-42824. The vulnerability is a privilege escalation issue that resides in the Kernel, it was addressed with improved checks. Last week, Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting…