Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: Safari Tags: WebKit Tags: macOS Tags: iOS Tags: iPadOs Tags: CVE-2023-37450 Tags: drive-by Tags: code execution Apple has issued an update for a zero-day vulnerability in the WebKit browser engine which may be actively exploited. |
The post Apple issues Rapid Security Response for zero-day vulnerability appeared first on Malwarebytes Labs.
Read more
Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.
That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.
Credit to Author: Paul Ducklin| Date: Tue, 11 Jul 2023 15:21:07 +0000
Previously, we said “do it today”, but now we’re forced back on: “Do not delay; do it as soon as Apple and your device will let you.”
Read more
Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.
That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.
Credit to Author: Paul Ducklin| Date: Mon, 10 Jul 2023 23:12:04 +0000
Don’t delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.
Read more
Credit to Author: Paul Ducklin| Date: Thu, 29 Jun 2023 16:58:40 +0000
Latest episode – listen now! (Full transcript inside.)
Read more
Apple has raised its voice against a UK law that will dramatically undermine secure commerce and trust online, warning it could put UK citizens at risk.
And Apple is not alone. More than 80 civil society organizations, academics, and experts from 23 nations have warned against the UK government’s decision, which would turn the UK into the first democracy to require routine surveillance of people’s private chats.
The current UK government’s Online Safety Bill includes the power to force encrypted messaging tools such as WhatsApp, Signal, and iMessage to scan messages.
Categories: Apple Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: kernel webkit Tags: CVE-2023-32434 Tags: CVE-2023-32435 Tags: CVE-2023-32439 Tags: type confusion Tags: integer overflow Tags: operation triangulation Apple has released security updates for several products to address a set of flaws it said were being actively exploited. |
The post Update now! Apple fixes three actively exploited vulnerabilities appeared first on Malwarebytes Labs.
Read more
Credit to Author: BrianKrebs| Date: Thu, 22 Jun 2023 19:11:33 +0000
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.
Read more
Credit to Author: Paul Ducklin| Date: Thu, 22 Jun 2023 00:36:20 +0000
Apple didn’t use the words “Triangulation Trojan”, but you probably will.
Read more