December 5, 2023 at 10:07AM Malicious actors can deceive users into believing their iPhone is in Lockdown Mode when it’s not, allowing covert attacks. Jamf Threat Labs exposed a method where a compromised device can appear secure, yet malware persists and functions despite the security feature. Apple’s iOS 17 improvements may mitigate such issues. Takeaways … Read more
December 1, 2023 at 04:33PM Apple has released critical updates for iOS, iPadOS, macOS, and Safari to fix two serious security vulnerabilities (CVE-2023-42916 & CVE-2023-42917) potentially exploited in targeted attacks. The flaws, identified by Google’s ClĂ©ment Lecigne, affect a wide range of Apple devices and could allow data access and code execution. Concurrently, Google patched … Read more
November 30, 2023 at 11:36PM Apple rolled out updates for iOS, iPadOS, macOS, and Safari to fix two actively exploited WebKit vulnerabilities. These flaws could potentially leak sensitive data and enable arbitrary code execution. The affected versions precede iOS 16.7.1, and all WebKit-based browsers on Apple devices are impacted. Devices from iPhone XS and certain … Read more
November 30, 2023 at 02:54PM Apple’s security team reports that older iOS versions, prior to 16.7.1, were exploited due to flaws CVE-2023-42916 and CVE-2023-42917. Patches for these WebKit vulnerabilities have been released for affected iPhones. Meeting Takeaways: 1. Apple’s security response team has identified that vulnerabilities designated as CVE-2023-42916 and CVE-2023-42917 have been exploited. 2. … Read more
November 30, 2023 at 02:49PM Apple has patched 20 zero-day vulnerabilities in 2023, recently addressing two allowing attackers to exploit iPhones, iPads, and Macs via WebKit. The flaws enabled data access and code execution. Updates were issued for various devices and macOS versions. Google TAG identified the exploits, which historically targeted high-risk individuals. Clear Takeaways … Read more
November 30, 2023 at 01:54PM Apple addressed two WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) affecting pre-iOS 16.7.1 devices. Improved validation fixes an out-of-bounds read and improved locking resolves a memory corruption issue. Updates are available for macOS Monterey and Ventura. Potential exploitation of both issues has been reported. Takeaways from the meeting: 1. An Apple advisory … Read more
November 30, 2023 at 01:42PM Apple addressed two WebKit vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that potentially leaked information and allowed code execution on older iOS versions. Updates for iPhones starting from XS and various iPad models are available to mitigate these issues. Reported exploitation exists against iOS versions before 16.7.1. Meeting Takeaways: 1. Apple has addressed … Read more
November 30, 2023 at 01:42PM Apple fixed two WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) affecting macOS Sonoma that could disclose sensitive info or execute arbitrary code; possibly exploited in iOS pre-16.7.1. Release on 2023-11-30, addressed via improved input validation and locking. Meeting Takeaways: 1. A recent Apple security document with ID HT214032 was discussed. 2. Two vulnerabilities … Read more
October 26, 2023 at 02:06PM A group of academics has discovered a new side-channel attack called iLeakage that targets Apple’s A- and M-series CPUs on iOS, iPadOS, and macOS devices. By exploiting a weakness in Safari, sensitive information can be extracted. The attack could be used to retrieve Gmail inbox content and autofilled passwords from … Read more
October 26, 2023 at 01:47PM University researchers have developed a new exploit called iLeakage that can steal information from Apple Macs, iPhones, and iPads. The exploit targets Apple’s Safari browser and can steal secrets such as Gmail inbox data, text messages, and watch histories from YouTube. It can be launched against devices running Apple’s A-series … Read more