Vision Pro, Apple Silicon, Macs, new enterprise tools — and privacy protection were all among the many WWDC announcements Apple made this week.
Introducing these protections, Craig Federighi, Apple’s senior vice president for software engineering said: “We are focused on keeping our users in the driver’s seat when it comes to their data by continuing to provide industry-leading privacy features and the best data security in the world.
Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: macOS Tags: Ventura 13.4 Tags: Monterey 12.6.6 Tags: Big Sur 11.7.7 Tags: libxpc Tags: SIP Tags: XPC Tags: NVRAM Tags: CVE-2023-32369 Tags: Migraine Microsoft has released details about a vulnerability that can bypass macOS’s System Integrity Protection |
The post Microsoft gives Apple a migraine appeared first on Malwarebytes Labs.
Read moreCategories: News Tags: Cisco Tags: Zyxel Tags: ChatGPT Tags: Malvertising Tags: Apple Tags: Google Tags: insider threat Tags: Pentagon explosion Tags: CISA Tags: ransomware guide Tags: Rheinmetall Tags: BlackBasta Tags: WordPress A list of topics we covered in the week of May 22- 28 of 2023 |
The post A week in security (May 22-28) appeared first on Malwarebytes Labs.
Read more
Enterprise admins handling fleets of Macs take note: there’s a new security management tool from Apple device management firm Addigy.
The MDM Watchdog Utility monitors the MDM framework on devices and automatically forces software patches to be installed if they’re not already in place. This is designed to help solve a specific problem in which some (not all) managed Macs do not properly install Apple’s Rapid Security Response updates.
In today’s fast-moving threat environment, Apple has introduced Rapid Security Response (RSR) as a key front line against new threats. The defense is intended to be distributed and installed across Apple’s platforms as swiftly as possible once new threats are identified. The idea is that by expediting distribution and making installation a quicker process, it will be easier to maintain security across Mac fleets. That’s important as the scale of Apple deployments grows and enterprises move to support employee choice.
Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: RSR Tags: CVE-2023-32409 Tags: CVE-2023-28204 Tags: CVE-2023-32373 Tags: out of bounds Tags: use after free Apple issued information about patches against three actively exploited zero-days in WebKit. One vulnerability is new, two were patched earlier this month. |
The post Update now! Apple issues patches for three actively used zero-days appeared first on Malwarebytes Labs.
Read more
Apple’s big developer event is approaching, and it looks as if the company will press home its message on privacy as it begins to seed support for the AR operating systems it’s now expected to announce there.
As of now, the Worldwide Developer Conference (WWDC) starting June 5 seems set to see Apple introduce its first mixed reality glasses, likely called RealityPro. These will be accompanied by an operating system that recent patent filings suggest will be called xrOS or xrProOS. The event will also see Apple introduce new iterations of its other operating systems, which developers will be able to work with soon after the show.
Reflecting warnings given earlier, Apple is now among the growing number of businesses banning employees from using OpenAI’s ChatGPT and other similar cloud-based generative AI services in a bid to protect data confidentiality. The Wall Street Journal reports that Apple has also barred staff from using GitHub’s Copilot tool, which some developers use to help write software.
Credit to Author: Paul Ducklin| Date: Fri, 19 May 2023 01:02:03 +0000
All Apple users have zero-days that need patching, though some have more zero-days than others.
Read more
Apple co-founder Steve Wozniak has been touring the media to discuss the perils of generative artificial intelligence (AI), warning people to be wary of its negative impacts. Speaking to both the BBC and Fox News, he stressed that AI can misuse personal data, and raised concerns it could help scammers generate even more effective scams, from identity fraud to phishing to cracking passwords and beyond.
“We’re getting hit with so much spam, things trying to take over our accounts and our passwords, trying to trick us into them,” he said.
Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: CVE-2023-29336 Tags: CVE-2023-24932 Tags: bootkit Tags: CVE-2023-29325 Tags: Outlook Tags: preview Tags: CVE-2023-24941 Tags: Apple Tags: Cisco Tags: Google Tags: Android Tags: VMWare Tags: SAP Tags: Mozilla Microsoft’s Patch Tuesday round up for May 2023 includes patches for three zero-day vulnerabilities and one critical remote code execution vulnerability |
The post Update now! May 2023 Patch Tuesday tackles three zero-days appeared first on Malwarebytes Labs.
Read more