|
Scooped by
Gust MEES
|
Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year.
"Apple is aware of a report that this issue may have been actively exploited," the company revealed in security advisories describing the security flaws.
The bugs were found in the Image I/O and Wallet frameworks and are tracked as CVE-2023-41064 (discovered by Citizen Lab security researchers) and CVE-2023-41061 (discovered by Apple). Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security
|
Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.
CVE-2023-41064 is a remote code execution flaw that is exploited by sending maliciously crafted images via iMessage.
|
This is new. For the very first time, Apple has released a Rapid Security Response (RSR) update to iPhone users, with a corresponding RSR for the Mac. It represents a change in how Apple will launch smaller updates—as indicated by the number of this one. After iOS 16.4.1, you might legitimately have expected iOS 16.4.2 as the small update before iOS 16.5 lands.
But no, we now have a letter, and even parentheses, to attach to the numbers: here comes Apple iOS 16.4.1 (a).
|
It would not be big news in itself that researchers at the Technical University of Darmstadt have discovered a new vulnerability that could be used to transfer malware to your iPhone. Points of attack are discovered again and again and, ideally, fixed quickly via an update. What is special about this vulnerability is that it can be accessed when an iPhone is switched off.
Only jailbroken iPhones are vulnerable, so most users do not need to worry at the moment. But as "Ars Technica" points out, the theoretical risk could become a real one if hackers discover weaknesses with which this vulnerability can be exploited.
|
Here on Naked Security, we’ve been lamenting the mysterious nature of Apple’s security updates for ages.
For example, even when widely-known security problems appear in components that are part of Apple’s operating system, Apple routinely refuses to say when, or even if, it plans to address the issues itself.
|
Two teams of Chinese white-hat hackers (the good guys) managed to hack an iPhone 13 Pro in under 15 seconds each time. They pocketed 450,000 dollars in prize money.
iPhones, unbreakable? It took only two times 15 seconds for two teams of hackers, at the Tianfu Cup, the big Chinese gathering for this discipline, to take control of an iPhone 13 Pro.
The first time on stage, and the second remotely. The first team pocketed 300,000 dollars in prize money and the second 150,000 dollars.
The flaws have not been made public, but they dent the image that Apple tries to project of its devices.
|
A specially-crafted hotspot can cause big problems for your iPhone or iPad.
Software engineer Carl Schou discovered that a specific network name -- %secretclub%power -- can completely disable your iPhone's ability to connect to Wi-Fi. And beware, because things cannot be restored back to normal by rebooting the device or resetting the iPhone's network settings.
|
The vulnerabilities were identified in the WebKit browser engine and Safari. When combined, the flaws would let infected websites activate cameras on iPhone, iPad, and Mac.
Eventually, Pickren hijacked the iPhone’s camera and notified Apple's product security team about it. The company patched the flaws in January and rewarded Pickren with a handsome amount.
As for Apple’s Security Bounty Program: launched in December last year, the program offers white hat hackers and security researchers some big bucks. You can also become a part of it. More information on the Security Bounty Program is available here.
|
So, when renowned investigative cybersecurity journalist Brian Krebs recently published a quizzical article entitled The iPhone 11 Pro’s Location Data Puzzler, tongues began to wag.
What puzzled Krebs is that the privacy interface for Location Services on his iPhone didn’t seem to work as he expected, which he rightly thought was worth investigating carefully.
After all, thanks to GPS, modern smartphones can work out where you are with astonishing precision, even when you’re offline and have no other positioning data to refer to.
|
Mr. Lockscreen Bypass has done it again.
Spanish security sleuth José Rodríguez on Friday posted a YouTube video of his most recent iOS lock-screen bypass: one that allows an iPhone to be tricked into showing its address book without the need to unlock the screen.
The researcher told The Register that he found this bypass in July, in what was then the beta of iOS 13.
As the video shows, the bypass involves receiving a call and opting to respond with a text message, and then changing the “to” field of the message, which you can do via voice-over. The “to” field pulls up the phone’s contacts list, thus enabling randoms to paw through your contact list without needing to first unlock your phone.
|
The iPhone may be more vulnerable than we thought. A company that buys hacking tools is claiming the market is now "flooded" with exploits that can crack iOS security protections.
Cyber arms dealer Zerodium is known for purchasing attacks on unpatched vulnerabilities in iOS and Android, and then selling access to them to government clients. The company currently offers up to $2 million for exploits that can hack an iPhone without any interaction from the user.
However, the supply for iOS exploits has been getting crowded. "The last few months, we have observed an increase in the number of iOS exploits, mostly Safari and iMessage chains, being developed and sold by researchers from all around the world," Zerodium CEO Chaouki Bekrar told BleepingComputer.
"The zero-day market is so flooded by iOS exploits that we've recently started refusing some [of] them," he added.
|
A group of cybercriminals infected iOS devices with malware for years via manipulated websites. This gave the attackers access to installed apps, data and messages. Google's security team Project Zero has come across an extremely critical flaw in Apple's iOS system that was actively exploited by cybercriminals for years. Merely visiting a manipulated website was enough to give the attackers extensive system access. Apple fixed the bug with the update to iOS 12.1.4. Anyone using the current operating system on iPhone and iPad is therefore safe.
Even encrypted messages could be read out with the malware. (Source: Google Project Zero) As security researcher Ian Beer explains in a detailed blog post, iOS versions 10 to 12 were affected by the vulnerability. Accordingly, the Apple devices had been vulnerable since September 2016. The bug was exploited by a so far unknown hacker group that launched its attacks via manipulated websites. Merely visiting these websites was enough to infect the iOS devices with malware (so-called implants). Through the attack, the hackers were able to secure extensive system access and thus, for example, read encrypted messages from iMessage, WhatsApp or Telegram, or capture e-mails, photos and GPS information and send them to a remote server, all in real time. The malware remained anchored in the operating system until the mobile device was restarted. For renewed access, one of the manipulated websites then had to be visited again. Learn more / En savoir plus / Mehr erfahren: https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
|
A security researcher caused something of a kerfuffle during the Def Con 2023 hacking conference in Las Vegas last month. Some attendees with iPhones were shocked to see an Apple pop-up notification asking them to connect to a nearby Apple TV device using their Apple ID credentials. Not least, as some of the hackers on the receiving end of these Bluetooth-powered prompts were running with Bluetooth disabled. Or so they thought. Now, another security researcher has demonstrated a similar hack that uses a readily available hacking device to spam nearby iPhones with pop-up notifications and effectively execute a denial of service attack.
|
Apple has backported security patches addressing a remotely exploitable zero-day vulnerability to older iPhones and iPads.
This bug is tracked as CVE-2022-42856, and it stems from a type confusion weakness in Apple's WebKit web browser engine.
Apple said that the flaw discovered by Clément Lecigne of Google's Threat Analysis Group allows maliciously crafted webpages to perform arbitrary code execution (and likely gain access to sensitive information) on vulnerable devices.
|
The latest raft of non-emergency Apple security updates are out, patching a total of 87 different CVE-rated software bugs across all Apple products and platforms.
There are 10 security bulletins for this bunch of updates, as follows:
APPLE-SA-2022-03-14-1: iOS 15.4 and iPadOS 15.4 (HT213182)
APPLE-SA-2022-03-14-2: watchOS 8.5 (HT213193)
APPLE-SA-2022-03-14-3: tvOS 15.4 (HT213186)
APPLE-SA-2022-03-14-4: macOS Monterey 12.3 (HT213183)
APPLE-SA-2022-03-14-5: macOS Big Sur 11.6.5 (HT213184)
APPLE-SA-2022-03-14-6: Security Update 2022-003 Catalina (HT213185)
APPLE-SA-2022-03-14-7: Xcode 13.3 (HT213189)
APPLE-SA-2022-03-14-8: Logic Pro X 10.7.3 (HT213190)
APPLE-SA-2022-03-14-9: GarageBand 10.4.6 (HT213191)
APPLE-SA-2022-03-14-10: iTunes 12.12.3 for Windows (HT213188)
|
You might be forgiven for thinking that July 2021 was Microsoft’s month for cybersecurity vulnerabilities.
First there was PrintNightmare in several guises, followed by HiveNightmare (an entirely unrelated bug that nevertheless attracted the “Nightmare” moniker), followed by PetitPotam (which went down the cute aquatic mammal naming path).
Now, however, it’s Apple’s turn to be in the patch-right-now spotlight, with a somewhat under-announced emergency zero-day fix, just a few days after the company’s last, and much broader, security update.
This one doesn’t have a fancy name, but instead goes simply by CVE-2021-30807, and was reported, according to Apple “by an anonymous researcher”.
Indeed, all we know about it, and all Apple has said so far, is that:
An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
|
To close a flaw that allowed an attacker to take control of your device remotely via a web page, Apple has just published a patch for iOS and iPadOS (14.4.1), macOS (11.2.3), watchOS (7.3.2), as well as for its web browser, Safari (14.0.3).
|
Security researchers have discovered a serious vulnerability in the Apple Mail app through which attackers can apparently gain access to iPhones and iPads. According to the researchers, the flaw is said to have existed for eight years. We tell you in the video how to protect yourself from attacks.
|
From law enforcement to hacking firms, everyone wants to hack the iPhone. But Google, Apple’s arch-rival of sorts, has been hacking iPhone devices by identifying and exploiting critical vulnerabilities since last year.
This time, Google’s team of white hat hackers at Project Zero has identified exploitable flaws to compromise targeted iPhone devices.
According to Samuel Groß, the clickless flaw doesn’t require the victim to click on a malicious link to infect their device and attackers only need the targeted iPhone’s Apple ID to remotely compromise the phone. It merely takes a few minutes for a hacker to steal data from the phone including passwords, emails, and text messages along with enabling other functions like microphones and cameras. All this without the user’s permission or knowledge.
|
The more recent iPhone hack was a feat that was previously seen as impossible. Not only did hackers infiltrate iOS, they also gained access to a slew of information available on a victim's iPhone: location data, photos, and messages were all up for grabs.
Now, a cybersecurity expert predicts even more Apple hacks going forward. Alex Heid, chief research and development officer at the cybersecurity firm SecurityScorecard, told Business Insider that Apple is now a top target for hackers seeking money or power.
|
Until now, Apple's mobile operating system was considered secure. That has apparently changed. Hackers have destroyed iOS security, complains an exploit dealer. Android exploits are now more expensive.
The massive vulnerability in Apple's iOS, which is said to have enabled large-scale hacker attacks over two years, is likely to have been another nail in the coffin for the thesis of the mobile operating system's security. Only a few days after the iPhone espionage, which probably originated in China, became known, Zerodium, a dealer in exploits, has adjusted its prices. At present, exploitable flaws for iOS are virtually flooding the market.
|
If you're an iPhone user, Apple has let you down. Massively.
The discovery last week that malicious websites have been able to hack iPhones indiscriminately and with apparent ease for years came as a bit of a shock. The idea that a product that Apple itself bills as being "designed from the ground up" to protect your information could have its security measures ripped to shreds by simply visiting a website, and that this happened for almost three years makes a mockery of Apple's claims of being able to protect users and their data.
A bigger embarrassment is that this attack on iPhone users was uncovered not by Apple, but by its archrival in the smartphone space, Google.
The scale of this exploit should also shock users. By simply visiting a website, the hackers could use exploits to deliver payloads that could "steal private data like iMessages, photos and GPS location in real-time" without the user having to install anything or be duped to run some app.
The hackers also had access to the user's keychain, which contains passwords, and the databases of various end-to-end encrypted messaging apps, such as Telegram and WhatsApp. Learn more / En savoir plus / Mehr erfahren: https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html