A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. “[RustBucket] communicates with command and control (C2) servers to download and execute various payloads,” Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week. The Apple device management company […]
Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating […]
Threat actors have managed to get their hands on two shady applications that were uploaded to the app stores managed by both Google and Apple. These apps then induced users into making fake investments in cryptocurrencies. The cybersecurity experts at Sophos uncovered the two fraudulent apps, named:- [Ace Pro] Malicious App in Google Play [MBM_BitScan] […]
A new complaint has been filed against Apple, accusing the corporation of monitoring iPhone users’ device data even when those users have requested that tracking be turned off. The lawsuit argues that Apple “illegally captures and utilizes customers’ personal information and activities.” In addition, the case alleges that the iPhone giant violated the plaintiff’s right […]
Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary […]
Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges. […]
Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The shortcoming, tracked as CVE-2022-32893 (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web […]
Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below – CVE-2022-32893 – An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web […]
Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system. The malware, codenamed CloudMensis by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage services such as pCloud, Yandex Disk, and Dropbox for receiving attacker commands and exfiltrating files. “Its capabilities clearly show that the […]
Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple’s operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. “An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads,” […]
Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against “highly targeted cyberattacks.” The “extreme, optional protection” feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats […]
An active exploit in the wild for a vulnerability in the Apple Safari web browser has been publicly revealed by the Google Project Zero team. CVE-2022-22620 is the number assigned to the vulnerability. As of 2016, experts have discovered a way to bypass the fix that was implemented back in 2013. Since the flaw was […]
A novel hardware attack dubbed PACMAN has been demonstrated against Apple’s M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages “speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity,” […]
A cybercriminal group claims to have compromised the computer systems of Foxconn, a major firm dedicated to the manufacture of medical devices and consumer electronics, a partner of technology giants such as Apple. Specifically, hackers attacked the systems of Foxconn Mexico, located in the border city of Tijuana, Baja California. The attack would have been […]
A few days ago, Apple announced the fix of two actively exploited vulnerabilities in macOS Monterey, although users of older versions of the operating system will not receive updates. The flaws were tracked as CVE-2022-22675 and CVE-2022-22674, and reside in macOS Big Sur and macOS Catalina implementations, respectively. MacOS Monterey was released in October 2021 […]
Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild. The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. Both the vulnerabilities have […]
Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company’s third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component […]
Dozens of Mac device users report that the Zoom video conferencing app keeps their devices’ microphone on even when the app isn’t active. According to reports, the problem lies in the native zoom version in macOS Monterey, a version of the operating system that has a function to alert the user if their microphone or […]
Timur Yunosov is a Russian cybersecurity researcher specializing in mobile security and payment system analysis. Working for Positive Technologies, Yunosov demonstrated how to exploit known vulnerabilities in Apple Pay to access the bank accounts of affected users without even unlocking their smartphones. In addition to exploiting flaws in the affected payment systems, the attack also […]
Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer […]
This week, a young cybersecurity researcher demonstrated how to hack the webcams of Mac devices to leave the devices completely open to other attack variants. Ryan Pickren submitted his report to Apple through its rewards program, earning $100,500 USD for his report, the largest reward the company has ever delivered. The young researcher mentions that […]