Apple – Page 12 – PossibleThreat Articles

Jamf debuts sophisticated security protection for executive iPhones

April 24, 2023 0 Comments Apple, iPhone, Mobile, Security, small and medium business

Newton’s Third Law of motion argues that for every action there is an equal and opposite reaction. With that in mind, it’s no surprise that the Apple ecosystem is fighting back in a big way against the mercenary spyware companies that have made headlines recently.

Improving situational awareness

Few people in tech sit comfortably with NSO Group and others in their attacks against journalists, human rights advocates, and high-value targets on behalf of repressive governments. They know that these technologies tend to proliferate, which is why most firms are now engaged in finding new ways to fight back.

To read this article in full, please click here

ComputerWorld Independent

Security researchers uncover NSO Group iPhone attacks in Europe

April 24, 2023 0 Comments Apple, iOS, iPhone, Mobile, Security, small and medium business

Earlier this week, we saw research showing the noxious NSO Group continues to spy on people’s iPhones in Mexico. Now, Jamf Threat Labs has found additional attacks against human rights activists and journalists in the Middle East and Europe, one of whom worked for a global news agency.

Older iPhones at most risk

The main thrust of the latest research is that while Apple has taken steps to protect devices running the most recent versions of iOS, these attacks are still being made against older iPhones. Jamf warns that the attacks “prove malicious threat actors will exploit any vulnerabilities in an organization’s infrastructure they can get their hands on.”

To read this article in full, please click here

ComputerWorld Independent

NSO Group returns with triple iOS 15/16 zero-click spyware attack

April 18, 2023 0 Comments Apple, iOS, Mobile, Security, small and medium business

No matter what US President Joseph R. Biden Jr. said, NSO Group is still around; the privatized spying service produced zero-click exploits against iOS 15 and iOS 16 last year, according to the latest report from Citizen Lab.

It also suggests Lockdown Mode is effective against such attacks.

A trio of exploits used in complex form

The report reflects what Citizen Lab learned from investigating attacks against Mexican human rights defenders. The researchers conclude that NSO Group, called “mercenary hackers” by Apple, has made wide use of at least three zero-click exploits in Apple’s iPhone operating systems against civil society targets worldwide. NSO Group is the infamous firm that created the Pegasus tool used to spy on people.

To read this article in full, please click here

Security Sophos

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

April 17, 2023 0 Comments Android, Apple, data loss, FBI, FCC, Google, iOS, juicejacking, Law & order, Privacy

Credit to Author: Paul Ducklin| Date: Mon, 17 Apr 2023 14:17:46 +0000

USB charging stations – can you trust them? What are the real risks, and how can you keep your data safe on the road?

Security Sophos

S3 Ep130: Open the garage bay doors, HAL [Audio + Text]

April 13, 2023 0 Comments Apple, Cybercrime, exoploit, Hacking, IoT, Microsoft, Naked Security Podcast, Podcast, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Thu, 13 Apr 2023 16:54:01 +0000

I’m sorry, Dave. I’m afraid I can’t… errr, no, hang on a minute, I can do that easily! Worldwide! Right now!

MalwareBytes Security

Update now! April’s Patch Tuesday includes a fix for one zero-day

April 12, 2023 0 Comments Adobe, Apple, Cisco, cve-2023-21554, cve-2023-28231, cve-2023-28252, Exploits and vulnerabilities, Google, Microsoft, Mozilla, news, office, publisher, sap, word

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: Apple

Tags: Google

Tags: Adobe

Tags: Cisco

Tags: SAP

Tags: Mozilla

Tags: CVE-2023-28252

Tags: CVE-2023-28231

Tags: CVE-2023-21554

Tags: Word

Tags: Publisher

Tags: Office

One fixed vulnerability is being actively exploited by a ransomware gang and many others were fixed in this month’s Patch Tuesday updates.

ComputerWorld Independent

Yet more digital spies targeting iPhones exposed by security researchers

April 12, 2023 0 Comments Android, Apple, iPhone, Mobile, Security, small and medium business

Just weeks after President Biden signed an executive order designed to prevent the US government from purchasing commercial spyware used to subvert democracies, researchers have identified yet another shameful zero-click, zero-day exploit that targeted iPhone users. This spy-for-hire ‘solution’ was sold by an Israeli firm called QuaDream.

Making everyone less safe

QuaDream’s attacks have been exposed by security researchers at Microsoft and Citizen Lab. QuaDream is a more secretive entity than NSO Group but shares much of the same pedigree, including being founded by ex-NSO Group employees and having connections to Israeli intelligence. Its attacks were first exposed last year, but the researchers have since found more about how these digital mercenaries worked.

To read this article in full, please click here

MalwareBytes Security

Apple releases emergency updates for two known-to-be-exploited vulnerabilities

April 11, 2023 0 Comments Apple, cve-2023-28205, cve-2023-28206, Exploits and vulnerabilities, ios 16.4.1, iosurfaceaccelerator, ipados 16.4.1, macos 13.3.1, news, out-of-bounds write, use-after-free

Categories: Apple

Categories: Exploits and vulnerabilities

Categories: News

Tags: iOS 16.4.1

Tags: iPadOS 16.4.1

Tags: macOS 13.3.1

Tags: CVE-2023-28206

Tags: CVE-2023-28205

Tags: use-after-free

Tags: out-of-bounds write

Tags: IOSurfaceAccelerator

Apple has released iOS 16.4.1, iPadOS 16.4.1, and macOS 13.3.1 for the iPhone, iPad, and Mac, respectively, and our advice is to install them as soon as possible.

Security Sophos

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

April 10, 2023 0 Comments Apple, Exploit, iOS, kernel bug, OS X, rce, spyware, vulnerability

Credit to Author: Paul Ducklin| Date: Mon, 10 Apr 2023 20:20:44 +0000

That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices – patch now!

Security Sophos

Apple issues emergency patches for spyware-style 0-day exploits – update now!

April 7, 2023 0 Comments 0 day, amnesty international, Apple, Apple Safari, Exploit, iOS, iPhone, mac, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Sat, 08 Apr 2023 01:20:44 +0000

A bug to hack your browser, then a bug to pwn the kernel… reported from the wild by Amnesty International.