Two Apple issues added by CISA to its catalog of known exploited vulnerabilities

Categories: Exploits and vulnerabilities

Categories: News

Tags: Blastpass

Tags: citizenlab

Tags: pegasus

Tags: nso

Tags: cisa

Tags: apple

Tags: cve-2023-41064

Tags: cve-2023-41061

Tags: buffer overflow

CISA has added two recently discovered Apple vulnerabilities to its catalog of known exploited vulnerabilities.

(Read more…)

The post Two Apple issues added by CISA to its catalog of known exploited vulnerabilities appeared first on Malwarebytes Labs.

Read more

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Credit to Author: BrianKrebs| Date: Tue, 12 Sep 2023 22:36:01 +0000

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

Read more

Message to IT: Update all your Apple devices right away

Apple has pushed out an essential security update to defend against yet another attack by an out-of-control mercenary surveillance group.

Like a bad smell, NSO Group has clawed its way back into the spotlight with yet another unprincipled attack against free speech and citizens’ rights, as revealed by Citizen Lab. The security researchers found this latest example of a sinister, yet egregious zero-click attack while checking the device of an “Individual employed by a Washington DC-based civil society organization with international offices.”

To read this article in full, please click here

Read more

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Categories: Threat Intelligence

Tags: amos

Tags: apple

Tags: malvertising

Tags: atomic stealer

Tags: wallets

Tags: crypto

Tags: mac

While malvertising delivering infostealers has largely been a Windows problem, Mac users are getting targeted as well.

(Read more…)

The post Mac users targeted in new malvertising campaign delivering Atomic Stealer appeared first on Malwarebytes Labs.

Read more

With BYOD comes responsibility — and many firms aren't delivering

Apple deployments are accelerating across the global enterprise, so it’s surprising that many organizations don’t properly recognize that change. Even when companies put Macs, iPhones, and iPads in the hands of their employees, they are failing to manage these deployments. It’s quite shocking.

That’s the biggest take-away from the latest Jamf research, which warns that almost half of enterprises across Europe still don’t have a formal Bring-Your-Own-Device (BYOD) policy in place. That’s bad, as it means companies have no control over how employees connect and use corporate resources, creating a nice, soft attack surface for criminals and competitors alike.

To read this article in full, please click here

Read more

New law could turn UK into a hacker's playground

It looks as if people are at last waking up to a second extraordinarily dangerous requirement buried within a UK government bill designed to promote the nation as a surveillance state. It means bureaucrats can delay or prevent distribution of essential software updates, making every computer user far less secure.

A poor law

This incredibly damaging limitation is just one of the many bad ideas buried in the UKs latest piece of shoddy tech regulation, the Investigatory Powers Act. What makes the law doubly dangerous is that in the online world, you are only ever as secure as your least secure friend, which means UK businesses will likely suffer by being flagged as running insecure versions of operating systems.

To read this article in full, please click here

Read more

Managed Apple IDs, iCloud, and the shadow IT connection

Apple is continuing its expansion of Managed Apple IDs for business customers, giving them increased access to iCloud services and Apple Continuity features. Companies get iCloud backup and new syncing options (particularly for passwords, passkeys, and other enterprise credentials) — along with access to business-friendly Continuity features such as Universal Control.

But they could also lead to increased data sprawl and siloing. Ironically, those issues are typically related to shadow IT, even though they’re enterprise features. Let’s look at what’s going on and how enterprises can take advantage of these features and services without running into trouble.

To read this article in full, please click here

Read more

Jamf Threat Labs subverts iPhone security with fake Airplane Mode

Fresh security research from Jamf Threat Labs may not reflect an active attack, but it does illustrate the layered complexity of today’s threat environment.

When Airplane mode isn’t Airplane mode

In brief, the researchers have figured out a proof of concept attack that tricks victims into thinking they are using Airplane Mode. However, in reality the attacker has put in place a fake version of that mode that looks normal but lets the attacker maintain access to the device.

This is by no means a straightforward attack and hasn’t been seen in the wild. The exploit is complex and would require an attacker to successfully take control of the target device through a series of exploits, the research claims. 

To read this article in full, please click here

Read more

Researchers build a scary Mac attack using AI and sound

A UK research team based at Durham University has identified an exploit that could allow attackers to figure out what you type on your MacBook Pro — based on the sound each keyboard tap makes.

These kinds of attacks aren’t particularly new. The researchers found research dating back to the 1950s into using acoustics to identify what people write. They also note that the first paper detailing use of such an attack surface was written for the US National Security Agency (NSA) in 1972, prompting speculation such attacks may already be in place.

“(The) governmental origin of AS- CAs creates speculation that such an attack may already be possible on modern devices, but remains classified,” the researchers wrote.

To read this article in full, please click here

Read more

Apple toughens up app security with API control

Apple is at war with device fingerprinting — the use of fragments of unique device-specific information to track users online. This fall, it will put in place yet another important limitation to prevent unauthorized use of this kind of tech.

Apple at WWDC 2023 announced a new initiative designed to make apps that do track users more obvious while giving users additional transparency into such use. Now it has told developers a little more about how this will work in practice.

To read this article in full, please click here

Read more