Apple's disappearing Rapid Security Response update

Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.

That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.

To read this article in full, please click here

Read more

How and why to use FIDO Security Keys for Apple ID

In a world that needs Apple’s recently-improved Lockdown Mode to protect good people against bad ones, high-risk individuals should consider using physical security keys to protect their Apple ID.

What are Security Keys and what do they do?

Security keys are small devices that look a little like thumb drives. Apple at WWDC 2020 confirmed plans to support FIDO authentication beginning with iOS 14 and macOS 11; now, with the release of iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2, Apple lets you use them to verify your Apple ID, replacing a passcode. They become one of the two forms of identification you require with two-factor authentication (2FA).

To read this article in full, please click here

Read more

Microsoft gives Apple a migraine

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: macOS

Tags: Ventura 13.4

Tags: Monterey 12.6.6

Tags: Big Sur 11.7.7

Tags: libxpc

Tags: SIP

Tags: XPC

Tags: NVRAM

Tags: CVE-2023-32369

Tags: Migraine

Microsoft has released details about a vulnerability that can bypass macOS’s System Integrity Protection

(Read more…)

The post Microsoft gives Apple a migraine appeared first on Malwarebytes Labs.

Read more

Addigy promises a fix for Apple devices stuck on OSUpdateScan

Enterprise admins handling fleets of Macs take note: there’s a new security management tool from Apple device management firm Addigy.

The MDM Watchdog Utility monitors the MDM framework on devices and automatically forces software patches to be installed if they’re not already in place. This is designed to help solve a specific problem in which some (not all) managed Macs do not properly install Apple’s Rapid Security Response updates.

When security isn’t

In today’s fast-moving threat environment, Apple has introduced Rapid Security Response (RSR) as a key front line against new threats. The defense is intended to be distributed and installed across Apple’s platforms as swiftly as possible once new threats are identified. The idea is that by expediting distribution and making installation a quicker process, it will be easier to maintain security across Mac fleets. That’s important as the scale of Apple deployments grows and enterprises move to support employee choice.

To read this article in full, please click here

Read more

Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users

Categories: Apple

Categories: News

Tags: macOS

Tags: iOS

Tags: iPadOS

Tags: Rapid Security Response

Tags: RSR

After announcing Rapid Security Response (RSR) last year, Apple has finally released the first RSR patches to the public.

(Read more…)

The post Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users appeared first on Malwarebytes Labs.

Read more

Apple, platform security, and the next big war

When Apple CEO Tim Cook in 2016 warned of a cybersecurity war, he was specifically discussing the pressure Apple then faced to create back doors on its platforms so law enforcement could snoop on users.  

He was championing encryption and opposing the creation of designer vulnerabilities that can be exploited by any entity that knows they exist. Since then, we’ve seen a cancerous tumult of surveillance as a service that companies such as the NSO Group break out, each of them using the kind of hard-to-find flaws governments may insist on platform providers creating.

To read this article in full, please click here

Read more

Kandji explains its new Endpoint Detection and Response tools

Read more

3CX Breach Was a Double Supply Chain Compromise

Credit to Author: BrianKrebs| Date: Fri, 21 Apr 2023 01:05:44 +0000

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Read more

Update now! Apple fixes actively exploited vulnerability and introduces new features

Categories: Apple

Categories: Exploits and vulnerabilities

Categories: News

Tags: macOS

Tags: iOS

Tags: iPadOS

Tags: watchOS

Tags: tvOS

Tags: Studio Display

Tags: CVE-2023-23529

Tags: type confusion

Tags: emoji

Apple has released security updates and new features for several of its products, including a fix for an actively exploited vulnerability.

(Read more…)

The post Update now! Apple fixes actively exploited vulnerability and introduces new features appeared first on Malwarebytes Labs.

Read more