Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: Safari Tags: WebKit Tags: macOS Tags: iOS Tags: iPadOs Tags: CVE-2023-37450 Tags: drive-by Tags: code execution Apple has issued an update for a zero-day vulnerability in the WebKit browser engine which may be actively exploited. |
The post Apple issues Rapid Security Response for zero-day vulnerability appeared first on Malwarebytes Labs.
Read more
Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.
That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.
Credit to Author: Paul Ducklin| Date: Tue, 11 Jul 2023 15:21:07 +0000
Previously, we said “do it today”, but now we’re forced back on: “Do not delay; do it as soon as Apple and your device will let you.”
Read more
Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.
That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.
Credit to Author: Paul Ducklin| Date: Mon, 10 Jul 2023 23:12:04 +0000
Don’t delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.
Read more
Apple has raised its voice against a UK law that will dramatically undermine secure commerce and trust online, warning it could put UK citizens at risk.
And Apple is not alone. More than 80 civil society organizations, academics, and experts from 23 nations have warned against the UK government’s decision, which would turn the UK into the first democracy to require routine surveillance of people’s private chats.
The current UK government’s Online Safety Bill includes the power to force encrypted messaging tools such as WhatsApp, Signal, and iMessage to scan messages.
Credit to Author: Paul Ducklin| Date: Thu, 22 Jun 2023 00:36:20 +0000
Apple didn’t use the words “Triangulation Trojan”, but you probably will.
Read more
OpenAI shipped its ChatGPT app for iPads and iPhones just a week ago, but it has already become one of the most popular applications in the last two years, with over half a million downloads in the first six days. That’s a real achievement, but also a challenge — that’s half a million potential data vulnerabilities.
Not to rest on its laurels, this year’s favorite smart assistant (so far) is now also available in 41 additional nations. There’s little doubt that this has been one of the most successful software/service introductions of all time, but that doesn’t change the inherent risk of these technologies.
Apple’s big developer event is approaching, and it looks as if the company will press home its message on privacy as it begins to seed support for the AR operating systems it’s now expected to announce there.
As of now, the Worldwide Developer Conference (WWDC) starting June 5 seems set to see Apple introduce its first mixed reality glasses, likely called RealityPro. These will be accompanied by an operating system that recent patent filings suggest will be called xrOS or xrProOS. The event will also see Apple introduce new iterations of its other operating systems, which developers will be able to work with soon after the show.
Reflecting warnings given earlier, Apple is now among the growing number of businesses banning employees from using OpenAI’s ChatGPT and other similar cloud-based generative AI services in a bid to protect data confidentiality. The Wall Street Journal reports that Apple has also barred staff from using GitHub’s Copilot tool, which some developers use to help write software.