Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

December 12, 2024 at 07:39AM A recently patched vulnerability in Apple’s iOS and macOS could allow unauthorized access to sensitive user data by bypassing the TCC security framework. Tracked as CVE-2024-44131, this flaw was linked to the FileProvider component. Attackers could exploit it to intercept user actions without raising alerts. ### Meeting Takeaways – Dec … Read more

Apple Pushes Major iOS, macOS Security Updates

December 11, 2024 at 02:57PM Apple released significant security updates for iOS 18.2 and macOS Sequoia 15.2 to address vulnerabilities, including data leakage and code execution risks. Key patches target flaws in kernel, WebKit, and AppleMobileFileIntegrity components, and fix a critical defect in libexpat that could lead to unauthorized remote actions. ### Meeting Takeaways: 1. … Read more

About the security content of iOS 18.2 and iPadOS 18.2 – Apple Support

December 11, 2024 at 01:33PM Apple’s iOS 18.2 and iPadOS 18.2 address multiple security vulnerabilities with improved checks and memory handling. Notable risks include potential unauthorized access to private information, memory corruption, and sensitive data leaks. Updates are available for iPhone XS and later, various iPad models, enhancing overall system security. ### Meeting Notes Summary … Read more

About the security content of iPadOS 17.7.3 – Apple Support

December 11, 2024 at 01:33PM Apple’s iPadOS 17.7.3 update, releasing on December 11, 2024, addresses multiple vulnerabilities (CVE-2024-44201, CVE-2024-54486, among others) affecting iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch, and iPad 6th gen. Issues include memory disclosure, kernel state leakage, denial of service, and unexpected crashes. ### Meeting Notes Summary **Apple ID**: 121838 **Release … Read more

Apple Urgently Patches Actively Exploited Zero-Days

November 20, 2024 at 11:13AM Apple has released security updates for two zero-day vulnerabilities, CVE-2024-44308 and CVE-2024-44309, affecting multiple operating systems and Safari. These vulnerabilities could lead to arbitrary code execution and cross-site scripting attacks. Users are urged to update their devices to mitigate risks of exploitation. **Meeting Takeaways:** 1. **Security Updates Released:** Apple has … Read more

Apple fixes two zero-days used in attacks on Intel-based Macs

November 19, 2024 at 04:57PM Apple issued emergency security updates to address two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. The updates aim to enhance security and protect users from potential threats. **Meeting Takeaways:** 1. Apple has released emergency security updates. 2. The updates address two zero-day vulnerabilities. 3. The vulnerabilities … Read more

About the security content of visionOS 2.1.1 – Apple Support

November 19, 2024 at 02:43PM Apple has addressed two security vulnerabilities in visionOS 2.1.1 for the Apple Vision Pro, with release set for November 19, 2024. CVE-2024-44308 involves potential arbitrary code execution from malicious web content, while CVE-2024-44309 addresses cookie management issues that could lead to cross-site scripting attacks. ### Meeting Notes Takeaways 1. **Upcoming … Read more

About the security content of iOS 18.1.1 and iPadOS 18.1.1 – Apple Support

November 19, 2024 at 01:54PM Apple released updates on November 19, 2024, addressing CVE-2024-44308 and CVE-2024-44309, which involved vulnerabilities that could lead to arbitrary code execution and cross-site scripting attacks, respectively. The issues were reported to have been actively exploited on Intel-based Macs and affect iOS and iPadOS 18.1.1 devices. ### Meeting Takeaways **Release Information:** … Read more

About the security content of macOS Sequoia 15.1.1 – Apple Support

November 19, 2024 at 01:54PM Apple has addressed two security vulnerabilities in macOS Sequoia 15.1.1 (CVE-2024-44308 and CVE-2024-44309), which involve arbitrary code execution and cross-site scripting attacks, respectively. Both issues may have been actively exploited on Intel-based Mac systems, with updates now available. Release date is November 19, 2024. **Meeting Takeaways:** 1. **Release Information:** – … Read more

About the security content of iOS 17.7.2 and iPadOS 17.7.2 – Apple Support

November 19, 2024 at 01:54PM Two vulnerabilities (CVE-2024-44308 and CVE-2024-44309) in iOS 17.7.2 and iPadOS 17.7.2 could allow arbitrary code execution and cross-site scripting attacks, respectively, on Intel-based Macs. Updates are available for various iPhone and iPad models starting from iPhone XS and iPad Air 3rd generation onward. ### Meeting Takeaways **Release Information:** – **Release … Read more