About the security content of iOS 17.7.2 and iPadOS 17.7.2 – Apple Support

November 19, 2024 at 01:54PM Two vulnerabilities (CVE-2024-44308 and CVE-2024-44309) in iOS 17.7.2 and iPadOS 17.7.2 could allow arbitrary code execution and cross-site scripting attacks, respectively, on Intel-based Macs. Updates are available for various iPhone and iPad models starting from iPhone XS and iPad Air 3rd generation onward. ### Meeting Takeaways **Release Information:** – **Release … Read more

New iOS Security Feature Reboots Devices to Protect User Data: Reports

November 12, 2024 at 05:07AM The latest iOS release includes a security feature that reboots locked devices that remain unlocked for extended periods, enhancing user data protection. Here are the key takeaways from the meeting notes: – A new feature in the latest iOS release is designed to enhance security. – This feature automatically reboots … Read more

iPhone ‘VoiceOver’ Feature Could Read Passwords Aloud

October 4, 2024 at 04:11PM Apple has released updates for iOS and iPadOS (18.0.1) to address two privacy-centric bugs. The first bug, affecting VoiceOver accessibility, could read passwords aloud. The second issue involved voice messages recording users before their awareness. Users are advised to update their devices to mitigate these vulnerabilities. However, these issues do … Read more

Brave: Sharp increase in installs after iOS DMA update in EU

March 12, 2024 at 06:29PM Brave Browser gains more users on iPhones in the EU after Apple introduces new default browser selection screen to comply with the Digital Markets Act. The update prompts users to choose from a list of popular browsers, leading to a noticeable increase in Brave installations. Brave advocates for fair competition … Read more

Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability

March 11, 2024 at 12:30AM Microsoft took six months to patch a rootkit vulnerability in Windows discovered by North Korean hackers Lazarus Group. Avast researchers notified Microsoft of an admin-to-kernel exploit, but Microsoft did not prioritize the matter, waiting until February’s patch Tuesday to fix the issue. Critical vulnerabilities were also found in recent Apple … Read more

Patch Now: Apple Zero-Day Exploits Bypass Kernel Security

March 6, 2024 at 02:26PM Apple has released emergency security updates to fix two critical iOS zero-day vulnerabilities, allowing cyberattackers to compromise iPhone users at the kernel level. The memory-corruption bugs, CVE-2024-23225 and CVE-2024-23296, enable threat actors to bypass kernel memory protections. Users are urged to update their devices to versions iOS 17.4, iPadOS 17.4, … Read more

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

March 6, 2024 at 01:03AM Apple has released security updates to fix actively exploited vulnerabilities, CVE-2024-23225 and CVE-2024-23296, in its iOS and iPadOS, addressing them with improved validation. The flaws can be exploited by attackers to bypass kernel memory protections. This development adds to a total of three zero-days that Apple has addressed since the … Read more

Apple Blunts Zero-Day Attacks With iOS 17.4 Update

March 5, 2024 at 04:00PM Apple released urgent iOS updates, including iOS 17.4 and iPadOS 17.4, to address multiple security flaws and potential zero-day exploits in the wild. The vulnerabilities, including kernel and RTKit issues, could bypass memory protections. Additionally, the company patched privacy flaws and warned of more fixes to come. Exploited iOS versions … Read more

Apple Ships iOS 17.2 With Urgent Security Patches

December 11, 2023 at 05:30PM Apple released iOS and iPadOS 17.2 with security fixes for 11 vulnerabilities, including memory corruption in ImageIO and code execution flaw in WebKit. The update also addresses privacy and information disclosure issues, as well as previously documented zero-day exploits. Additionally, iOS 16.7.3 and iPadOS 16.7.3 provide security patches for older … Read more

Apple emergency updates fix recent zero-days on older iPhones

December 11, 2023 at 02:28PM Apple has issued emergency security updates for two zero-day flaws in iOS, iPadOS, tvOS, and watchOS. The CVE-2023-42916 and CVE-2023-42917 vulnerabilities in the WebKit browser engine allowed attackers to access sensitive data and execute arbitrary code. Security researcher Clément Lecigne discovered and reported both flaws. CISA ordered Federal Civilian Executive … Read more