148 matches found
DEBIAN-CVE-2022-21505
In the linux kernel, if IMA appraisal is used with the "imaappraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "imaappraise=log" from the boot param when Secure Boot is enabled, but this does not cover case...
CVE-2024-27862
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled...
CVE-2024-27862
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled...
CVE-2024-27862
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled...
CVE-2024-27862
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled...
CVE-2024-27862
CVE-2024-27862 is a logic issue in macOS Sonoma 14.6 related to Setup/Lockdown Mode flow. The underlying problem is state-management during setup, which can cause FileVault to be disabled unexpectedly when Lockdown Mode is enabled while configuring a Mac. The issue affects macOS Sonoma 14.6 and i...
iPhone users in 98 countries warned about spyware by Apple
In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. At the time it warned users in 92 countries. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks. The message sent to the affected users...
Apple warns people of mercenary attacks via threat notification system
Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say its detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware i...
What It’s Like to Use Apple’s Lockdown Mode
If you're at high risk of being targeted by mercenary spyware, or just don't mind losing iOS features for extra security, the company's restricted mode is surprisingly usable...
Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack
A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not and carry out covert attacks. The novel method, detailed by Jamf Threat Labs in a report shared wi...
Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw
Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said i...
Adobe, Apple, Google & Microsoft Patch 0-Day Bugs
Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do. On...
CVE-2023-21267
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Information disclosure
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21267
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21267
The CVE-2023-21267 issue affects Android’s KeyguardViewMediator.java in the framework, enabling bypass of lockdown mode via screen pinning due to a logic error. This leads to local information disclosure without extra privileges or user interaction. Exploitation can occur on devices with access t...
CVE-2023-21267
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
iOS Lockdown Mode effective against NSO zero-click exploit
Apples Lockdown Mode feature alerted a victim to one of the latest NSO exploits, according to a report by Citizen Lab. image courtesy of Citizen Lab This is a huge deal since it shows how useful Lockdown Mode can be, even against exploits developed by one of the worlds most notorious commercial...
New Zero-Click Exploits against iOS
Citizen Lab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Groups Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched. One interesting bit is that Apples Lockdown Mode part of iOS 16...
NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders
Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-cli...