Apple

Pierluigi Paganini March 05, 2024
Apple emergency security updates fix two new iOS zero-days

Apple released emergency security updates to address two new iOS zero-day vulnerabilities actively exploited in the wild against iPhone users. Apple released emergency security updates to address two iOS zero-day vulnerabilities, respectively tracked as CVE-2024-23225 and CVE-2024-23296, that were exploited in attacks against iPhone devices. CVE-2024-23225 is a kernel memory corruption flaw; the company addressed it […]

Pierluigi Paganini February 24, 2024
Apple created post-quantum cryptographic protocol PQ3 for iMessage

Apple announced that a post-quantum cryptographic protocol called PQ3 will be integrated into iMessage. Apple announced a new post-quantum cryptographic protocol called PQ3 that will be integrated into the company's messaging application iMessage to secure communications against highly sophisticated quantum attacks. Apple said that PQ3 is the first messaging protocol to reach what they call Level 3 […]

Pierluigi Paganini January 31, 2024
CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer […]

Pierluigi Paganini January 18, 2024
iShutdown lightweight method allows to discover spyware infections on iPhones

Researchers devised a “lightweight method,” called iShutdown, to determine whether Apple iOS devices have been infected with spyware. Cybersecurity researchers from Kaspersky have identified a “lightweight method,” called iShutdown, to identify the presence of spyware on Apple iOS devices. The method allows the discovery of stealthy and powerful surveillance software like NSO Group's Pegasus, Intellexa's Predator, and QuaDream's Reign. The researchers focused on an […]

Pierluigi Paganini January 15, 2024
Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230. The flaw is a session management issue that can be exploited by an attacker with physical access to the accessory […]

Pierluigi Paganini December 28, 2023
Operation Triangulation attacks relied on an undocumented hardware feature

Experts discovered that the Operation Triangulation attacks targeting Apple iOS devices leveraged an undocumented hardware feature. Researchers from the Russian cybersecurity firm Kaspersky discovered that the threat actors behind Operation Triangulation exploited an undocumented hardware feature to target Apple iOS devices. In early June, Kaspersky uncovered a previously unknown APT group that is targeting iOS devices with zero-click exploits as part […]

Pierluigi Paganini December 12, 2023
Apple released iOS 17.2 to address a dozen of security flaws

Apple rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 17.2 and iPadOS 17.2, which address a dozen security flaws. The most severe flaw is a memory corruption issue that resides in ImageIO. Successful exploitation of the flaw may lead to arbitrary code […]

Pierluigi Paganini November 30, 2023
Apple addressed 2 new iOS zero-day vulnerabilities

Apple released emergency security updates to fix two actively exploited zero-day flaws impacting iPhone, iPad, and Mac devices. Apple released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. The flaws are actively exploited in attacks in the wild; both issues reside in the WebKit browser engine. The first vulnerability, […]

Pierluigi Paganini October 26, 2023
iLeakage attack exploits Safari to steal data from Apple devices

Boffins devised a new side-channel speculative execution attack, iLeakage, that exploits Safari to steal sensitive data from Macs, iPhones, and iPads. A team of researchers from the University of Michigan, Georgia Institute of Technology, and Ruhr University Bochum has devised a transient side-channel speculative execution attack that exploits the Safari web browser to steal sensitive information […]

Pierluigi Paganini October 12, 2023
Apple releases iOS 16 update to fix CVE-2023-42824 on older devices

Apple released iOS 16.7.1 and iPadOS 16.7.1 to address the CVE-2023-42824 vulnerability that has been actively exploited in attacks. Apple has released iOS 16.7.1 and iPadOS 16.7.1 to address the recently disclosed zero-day CVE-2023-42824. The vulnerability is a privilege escalation issue that resides in the kernel; it was addressed with improved checks. Last week, […]