Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component CVE-2023-23520 that could enable a malicious actor to read arbitrary files as root. The iPhone...

Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021

Google Project Zero called 2021 a "record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year. The development marks more than a two-fold jump from the previous maximum when 28 0-day exploits were tracked in 2015. In contrast, onl...

Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware

A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed...

Google Warns That NSO Hacking Is On Par With Elite Spy Groups

ForcedEntry is “one of the most technically sophisticated exploits” Project Zero security researchers have ever seen...

Apple Multiple Products Integer Overflow Vulnerability

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY...

NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia

The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching between June 2018 to June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto's Citizen Lab, which publicized t...

Update now! Apple patches another privilege escalation bug in iOS and iPadOS

Apple has released a security update for iOS and iPad that addresses a critical vulnerability reportedly being exploited in the wild. The update has been made available for iPhone 6s and later, iPad Pro all models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iP...

Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days

Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance...

Analyzing The ForcedEntry Zero-Click iPhone Exploit Used By Pegasus

Citizen Lab has released a report on a new iPhone threat dubbed ForcedEntry. This zero-click exploit seems to be able to circumvent Apple's BlastDoor security, and allow attackers access to a device without user interaction...

Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware

Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 to fix two actively exploited vulnerabilities, one of which defeated extra security protections built into the operating system. The list of two flaws is as follows - CVE-2021-30858 WebKit - A use after...

Apple Issues Emergency Fix for NSO Zero-Click Zero Day

Apple users should immediately update all their devices – iPhones, iPads, Macs and Apple Watches – to install an emergency patch for a zero-click zero-day exploited by NSO Group to install spyware. The security updates, pushed out by Apple on Monday, include iOS 14.8 for iPhones and iPads, as wel...

VulnCheck KEV: CVE-2021-30860

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY...

A week in security (August 23 – August 29)

Last week on Malwarebytes Labs: Patch now! Microsoft Exchange is being attacked via ProxyShell Realtek-based routers, smart devices are being gobbled up by a voracious botnet Criminals exploited weak checks and old tech to pull off vast COVID benefit fraud Mice “taking over the world!”, one Windo...

Latest iPhone exploit, FORCEDENTRY, used to launch Pegasus attack against Bahraini activists

Researchers from Citizen Lab, an academic research and development lab based in the University of Toronto in Canada, has recently discovered that an exploit affecting iMessage is being used to target Bahraini activists with the Pegasus spyware. The Bahrain government and groups linked to them—suc...

Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day

A never-before-seen, zero-click iMessaging exploit has been allegedly used to illegally spy on Bahraini activists with NSO Group’s Pegasus spyware, according to cybersecurity watchdog Citizen Lab. The digital researchers are calling the new iMessaging exploit FORCEDENTRY. In a report published on...