Recent Version of LightSpy iOS Malware Packs Destructive Capabilities

October 30, 2024 at 07:05AM A recent update of the LightSpy malware for iOS introduces more than a dozen new plugins, some featuring destructive capabilities. This development raises concerns about the malware’s potential impact on device security. **Meeting Takeaways:** 1. **Update on LightSpy Malware**: A newer version of the LightSpy malware specifically designed for iOS … Read more

Apple fixes bug that let VoiceOver shout your passwords

October 4, 2024 at 08:05AM Apple has addressed two security bugs in iOS 18.0.1 and iPadOS 18.0.1. One bug may read users’ saved passwords aloud, posing a risk to the visually impaired. Another bug affects iPhone 16’s audio capture in iMessage, capturing audio before indicating recording. Apple urges users to apply the latest update for … Read more

Hackers steal banking creds from iOS, Android users via PWA apps

August 21, 2024 at 04:59PM Threat actors are utilizing progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. This technique was observed in phishing campaigns in Poland and the Czech Republic. Two distinct campaigns targeted Hungarian financial institution OTP Bank and TBC Bank in Georgia. These apps bypass installation … Read more

Siri Bug Enables Data Theft on Locked Apple Devices

July 31, 2024 at 03:32PM Apple released updates for its products to address vulnerabilities in Siri and digital assistants across its devices. The updates aim to prevent unauthorized access to sensitive data, such as contacts, even when the device is locked. Users are advised to update to iOS 17.6 and iPadOS 17.6 to mitigate these … Read more

Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

July 1, 2024 at 01:18PM Security flaws in CocoaPods were discovered, allowing attackers to hijack and insert malicious code into popular iOS and macOS applications, posing serious supply chain risks. The vulnerabilities were patched in October 2023, but the issues stemmed from a 2014 migration, leading to unclaimed pods and flawed verification processes. Downstream customers … Read more

Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits

April 8, 2024 at 08:36AM Crowdfense, a firm specializing in exploit acquisition, seeks zero-day exploits for Android, iOS, Chrome, and Safari, offering rewards of up to $30 million. The company’s program, established in 2019 and expanded in 2021, provides substantial bounties for high-quality exploits. Other firms are also seeking to purchase Android and iOS exploits, … Read more

Researchers Detail Apple’s Recent Zero-Click Shortcuts Vulnerability

February 23, 2024 at 01:09AM A high-severity security flaw in Apple’s Shortcuts app, CVE-2024-23204, was patched on January 22, 2024. The flaw allowed shortcuts to access sensitive data without user consent. Bitdefender researcher discovered the bug, stating it could bypass TCC policies and exfiltrate data to a malicious server. The vulnerability was fixed in iOS … Read more

iOS Trojan Collects Face and Other Data for Bank Account HackingĀ 

February 19, 2024 at 05:39AM Group-IB researchers discovered iOS trojan GoldPickaxe, utilized by Chinese cybercriminal group GoldFactory in APAC region. Trojan collects personal and banking info, including face profiles, SMS, and ID photos. It was distributed through fake apps and MDM profiles, while the Android version has more features. Group-IB warns of potential expansion beyond … Read more

CISA Warns of Active Exploitation of Critical Vulnerability in iOS, iPadOS, and macOS

February 1, 2024 at 12:32AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity flaw affecting Apple operating systems to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2022-48618, the bug could allow an attacker to bypass Pointer Authentication. Apple addressed the issue with improved checks, and CISA recommends applying fixes by February 21, … Read more

CISA warns of patched iPhone kernel bug now exploited in attacks

January 31, 2024 at 02:08PM CISA warned of actively exploited kernel security flaw in Apple iPhones, Macs, TVs, and watches (CVE-2022-48618), allowing attackers to bypass Pointer Authentication. Apple addressed the flaw in iOS 16.2, macOS Ventura, and others. Devices affected include iPhone 8 and later, iPads, Macs, Apple TVs, and Apple Watches. Federal agencies ordered … Read more