258 matches found
New iPhone Exploit Uses Four Zero-Days
Kaspersky researchers are detailing "an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky." Its a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the...
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPad...
Apple to Add Manual Authentication to iMessage
Signal has had the ability to manually authenticate another account for years. iMessage is getting it: The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the other person is wh...
iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation
The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The new findings come from Kaspersky, which detailed the great...
The outstanding stealth of Operation Triangulation
Introduction In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this...
Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating...
The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L set_qos function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to crash.
iOS is a mobile operating system developed by Apple. iPadOS is Apple's family of mobile operating systems based on iOS. macOS Ventura is Apple's desktop operating system. An arbitrary code execution vulnerability exists in several Apple products, which can be exploited by an attacker to send...
Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that...
Apple macOS Ventura å®å Øę¼ę“
iOS is a mobile operating system developed by Apple. iPadOS is Apple's family of mobile operating systems based on iOS. macOS Ventura is Apple's desktop operating system. An arbitrary code execution vulnerability exists in several Apple products, which can be exploited by an attacker to send...
Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.
A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim to conduct identity theft and financial fraud. "The Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sent via iMessage to...
PT-2023-4994
Name of the Vulnerable Software and Affected Versions Apple iOS, iPadOS, and macOS versions prior to 16.6.1 Apple macOS Monterey versions prior to 12.6.9 Apple macOS Ventura versions prior to 13.5.2 Apple iOS versions prior to 15.7.9 Apple iPadOS versions prior to 15.7.9 Apple macOS Big Sur...
Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands
Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bowing down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies. The development, first reported by BBC News...
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439...
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439...
New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices
More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which i...
New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices
More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which i...
Operation Triangulation: Zero-Click iPhone Malware
Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to th...
Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme
A Chinese-speaking phishing gang dubbed PostalFurious has been linked to a new SMS campaign that's targeting users in the U.A.E. by masquerading as postal services and toll operators, per Group-IB. The fraudulent scheme entails sending users bogus text messages asking them to pay a vehicle trip f...
New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware
A previously unknown advanced persistent threat APT is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root...
Apple announces 3 new security features
Apple has announced three new security features focused on protecting user data in the cloud: iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud. iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in 2023...