Apple patches zero-day holes – even in the brand new iOS 16
Credit to Author: Paul Ducklin| Date: Mon, 12 Sep 2022 21:25:49 +0000
Five updates, one upgrade, plus two zero-days. Patch your Macs, iPhones and iPads as soon as you can (again)…
Read moreiOS
Apple patches a zero-day hole – even in the brand new iOS 16
Credit to Author: Paul Ducklin| Date: Mon, 12 Sep 2022 21:25:49 +0000
Five updates, one upgrade, plus a zero-day. Patch your Macs, iPhones and iPads as soon as you can (again)…
Read moreURGENT! Apple slips out zero-day update for older iPhones and iPads
Credit to Author: Paul Ducklin| Date: Wed, 31 Aug 2022 18:42:42 +0000
Patch as soon as you can – that recent WebKit zero-day affecting new iPhones and iPads is apparently being used against older models, too.
Read moreURGENT! Apple quietly slips out zero-day update for older iPhones
Credit to Author: Paul Ducklin| Date: Wed, 31 Aug 2022 18:42:42 +0000
Patch as soon as you can – that recent WebKit zero-day affecting new iPhones is apparently being used against older models, too.
Read moreWhat is Managed Device Attestation on Apple platforms?
Credit to Author: Jonny Evans| Date: Fri, 26 Aug 2022 09:43:00 -0700
Announced at WWDC 2022, Managed Device Attestation protection shows that Apple is adjusting device security protections to adapt to an increasingly distributed age.
Secure the endpoints, not the end times
This adjustment reflects a reality shift. Work doesn’t happen on specific servers or behind defined firewalls today. VPN access can differ across teams. And yet, in a workplace defined by multiple remote devices (endpoints), the security threat is greater than ever.
Managed Device Attestation works to create a second boundary of trust around which device management solutions can work to protect against attack.
Urgent update for macOS and iOS! Two actively exploited zero-days fixed
Categories: Exploits and vulnerabilities Categories: News Tags: macOS Tags: iOS Tags: CVE-2022-32894 Tags: CVE-2022-32893 Tags: kernel privileges Tags: WebKit Tags: actively exploited Tags: watering hole Tags: exploit kit Apple has released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. |
The post Urgent update for macOS and iOS! Two actively exploited zero-days fixed appeared first on Malwarebytes Labs.
Read moreApple patches double zero-day in browser and kernel – update now!
Credit to Author: Paul Ducklin| Date: Wed, 17 Aug 2022 23:33:21 +0000
Double 0-day exploits – one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Read moreWhat is USB Restricted Mode in macOS Ventura, and why do you want it?
Credit to Author: Jonny Evans| Date: Mon, 15 Aug 2022 06:35:00 -0700
Once upon a time, one attack vector for industrial sabotage consisted of exfiltrating data from Macs using a standard-issue USB storage card. Researchers have also shown that it’s possible to hijack computers with malware-infested cables. It’s a jungle out there, so Apple has toughened up (Apple Silicon) Mac protection with USB Restricted Mode.
What is USB Restricted Mode?
Beginning with macOS Ventura, the new layer of protection comes in the form of USB Restricted mode, which should provide a little reassurance to enterprise IT and is enabled by default.
Apple slaps hard against ‘mercenary’ surveillance-as-a-service industry
Credit to Author: Jonny Evans| Date: Thu, 07 Jul 2022 06:17:00 -0700
Apple has struck a big blow against the mercenary “surveillance-as-a-service” industry, introducing a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.
Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes abused by state-sponsored surveillance hackers. Apple describes this protection as “sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”
Hermit spyware is deployed with the help of a victim’s ISP
Credit to Author: Jovi Umawing| Date: Wed, 29 Jun 2022 10:03:54 +0000
A new commercial spyware for governments, called Hermit, has spotted in the wild. It affects iOS and all Android versions.
The post Hermit spyware is deployed with the help of a victim’s ISP appeared first on Malwarebytes Labs.
Read more