Apple issues Rapid Security Response for zero-day vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: Safari

Tags: WebKit

Tags: macOS

Tags: iOS

Tags: iPadOs

Tags: CVE-2023-37450

Tags: drive-by

Tags: code execution

Apple has issued an update for a zero-day vulnerability in the WebKit browser engine which may be actively exploited.

(Read more…)

The post Apple issues Rapid Security Response for zero-day vulnerability appeared first on Malwarebytes Labs.

Read more

Apple's disappearing Rapid Security Response update (u)

Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.

That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.

To read this article in full, please click here

Read more

Apple's disappearing Rapid Security Response update

Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.

That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.

To read this article in full, please click here

Read more

Apple warns that UK's Online Safety Bill puts people at 'greater risk'

Apple has raised its voice against a UK law that will dramatically undermine secure commerce and trust online, warning it could put UK citizens at risk.

And Apple is not alone. More than 80 civil society organizations, academics, and experts from 23 nations have warned against the UK government’s decision, which would turn the UK into the first democracy to require routine surveillance of people’s private chats.

The current UK government’s Online Safety Bill includes the power to force encrypted messaging tools such as WhatsApp, Signal, and iMessage to scan messages.

To read this article in full, please click here

Read more

Update now! Apple fixes three actively exploited vulnerabilities

Categories: Apple

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: kernel webkit

Tags: CVE-2023-32434

Tags: CVE-2023-32435

Tags: CVE-2023-32439

Tags: type confusion

Tags: integer overflow

Tags: operation triangulation

Apple has released security updates for several products to address a set of flaws it said were being actively exploited.

(Read more…)

The post Update now! Apple fixes three actively exploited vulnerabilities appeared first on Malwarebytes Labs.

Read more

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Credit to Author: BrianKrebs| Date: Thu, 22 Jun 2023 19:11:33 +0000

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Read more