Apple Ships iOS 17.2 With Urgent Security Patches

December 11, 2023 at 05:30PM Apple released iOS and iPadOS 17.2 with security fixes for 11 vulnerabilities, including memory corruption in ImageIO and a code execution flaw in WebKit. The update also addresses privacy and information disclosure issues, as well as previously documented zero-day exploits. Additionally, iOS 16.7.3 and iPadOS 16.7.3 provide security patches for older … Read more

Apple emergency updates fix recent zero-days on older iPhones

December 11, 2023 at 02:28PM Apple has issued emergency security updates for two zero-day flaws in iOS, iPadOS, tvOS, and watchOS. The CVE-2023-42916 and CVE-2023-42917 vulnerabilities in the WebKit browser engine allowed attackers to access sensitive data and execute arbitrary code. Security researcher Clément Lecigne discovered and reported both flaws. CISA ordered Federal Civilian Executive … Read more

Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption

December 7, 2023 at 01:12PM An Apple-commissioned study indicates 2.6 billion personal data records were compromised in breaches over the last two years, underscoring the need for end-to-end encryption. Meeting Takeaways: 1. Apple commissioned a study focusing on data breaches. 2. The study found that 2.6 billion personal data records were compromised over the past … Read more

Apple ‘Lockdown Mode’ Bypass Subverts Key iPhone Security Feature

December 5, 2023 at 05:51PM Researchers at Jamf Threat Labs found ways to bypass Apple’s Lockdown Mode, which aims to prevent cyberattacks. Although the mode reduces vulnerabilities by limiting certain features and functions, the researchers could mimic Lockdown Mode’s signals, misleading users while allowing malware operations. This highlights an industry-wide security oversight on maintaining device … Read more

Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack

December 5, 2023 at 10:07AM Malicious actors can deceive users into believing their iPhone is in Lockdown Mode when it’s not, allowing covert attacks. Jamf Threat Labs exposed a method where a compromised device can appear secure, yet malware persists and functions despite the security feature. Apple’s iOS 17 improvements may mitigate such issues. Takeaways … Read more

Apple slaps patch on WebKit holes in iPhones and Macs amid fears of active attacks

December 1, 2023 at 04:33PM Apple has released critical updates for iOS, iPadOS, macOS, and Safari to fix two serious security vulnerabilities (CVE-2023-42916 & CVE-2023-42917) potentially exploited in targeted attacks. The flaws, identified by Google’s Clément Lecigne, affect a wide range of Apple devices and could allow data access and code execution. Concurrently, Google patched … Read more

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

November 30, 2023 at 11:36PM Apple rolled out updates for iOS, iPadOS, macOS, and Safari to fix two actively exploited WebKit vulnerabilities. These flaws could potentially leak sensitive data and enable arbitrary code execution. The affected versions precede iOS 16.7.1, and all WebKit-based browsers on Apple devices are impacted. Devices from iPhone XS and certain … Read more

Apple Patches WebKit Flaws Exploited on Older iPhones

November 30, 2023 at 02:54PM Apple’s security team reports that older iOS versions, prior to 16.7.1, were exploited due to flaws CVE-2023-42916 and CVE-2023-42917. Patches for these WebKit vulnerabilities have been released for affected iPhones. Meeting Takeaways: 1. Apple’s security response team has identified that vulnerabilities designated as CVE-2023-42916 and CVE-2023-42917 have been exploited. 2. … Read more

Apple fixes two new iOS zero-days in emergency updates

November 30, 2023 at 02:49PM Apple has patched 20 zero-day vulnerabilities in 2023, most recently two that allowed attackers to exploit iPhones, iPads, and Macs via WebKit. The flaws enabled data access and code execution. Updates were issued for various devices and macOS versions. Google TAG identified the exploits, which historically targeted high-risk individuals. Clear Takeaways … Read more

About the security content of Safari 17.1.2 – Apple Support

November 30, 2023 at 01:54PM Apple addressed two WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) affecting pre-iOS 16.7.1 devices. Improved validation fixes an out-of-bounds read and improved locking resolves a memory corruption issue. Updates are available for macOS Monterey and Ventura. Potential exploitation of both issues has been reported. Takeaways from the meeting: 1. An Apple advisory … Read more