DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group GTIG, iVerify, and Lookout. According to GTIG, multiple commercial surveillance vendors...

Exploit for Type Confusion in Apple Ipados

🏴‍☠️ Coruna iOS Exploit Kit: CVE-2024-23222 Research !CVEh...

EUVD-2014-2153

Malware in sbrugna...

EUVD-2015-6934

Malware in sbrugna...

EUVD-2015-5850

Malware in sbrugna...

EUVD-2023-36679

Malicious code in bioql PyPI...

EUVD-2023-47338

Malicious code in bioql PyPI...

CVE-2023-32434

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with...

Notex the best notes 6.4 - Denial of Service Exploit

Exploit Title: Notex the best notes 6.4 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/notex-the-best-notes/id847994217 Version: 6.4 Category: DoS iOS Vulnerability Notex – the best notes is vulnerable to a DoS condition when a long list of characters i...

APT trends report Q1 2020

For more than two years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...

Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims

A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. The findings, published by digital forensics firm Volexity, reveal that the exploit — named "Insomnia" —...

A week in security (September 23 – 29)

Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity...

New iOS exploit checkm8 allows permanent compromise of iPhones

UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the "permanent" only refers to the fact that the bug is in the bootrom, where it cannot be patched. UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points,...

1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp

A team of Canadian cybersecurity researchers has uncovered a sophisticated and targeted mobile hacking campaign that is targeting high-profile members of various Tibetan groups with one-click exploits for iOS and Android devices. Dubbed Poison Carp by University of Toronto's Citizen Lab, the...

In-depth exploration found in the wild iOS exploit chain V-vulnerability warning-the black bar safety net

This exploit chain are currently three different teams found, respectively, is the attacker's malicious organization, Project Zero Brandon Azad and 360 Security@S0rryMybad it. In 2018, 11 December 17,@S0rryMybad exploit this vulnerability in the Tianfu Cup PWN the race to win the 20 million dolla...

In-depth exploration found in the wild iOS exploit chain III-vulnerability warning-the black bar safety net

Overview This article exploits the chain's target is iOS 11-11. 4. 1, spanning nearly 10 months. This is what we observed first having a separate sandbox escape exploits chain. The sandbox escape vulnerability is libxpc in more serious security problem, wherein the reconstruction will lead to a W...

Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years

Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered...

In-the-wild iOS Exploit Chain 4

Posted by Ian Beer, Project Zero TL;DR This exploit chain supported iOS 12-12.1, although the two vulnerabilities were unpatched when we discovered the chain in the wild. It was these two vulnerabilities which we reported to Apple with a 7-day deadline, leading to the release of iOS 12.1.4. The...

In-the-wild iOS Exploit Chain 2

Posted by Ian Beer, Project Zero TL;DR This was an exploit for a known bug class which I had been auditing for since late 2016. The same anti-pattern which lead to this vulnerability, we’ll see again in Exploit Chain 3, which follows this post. This exploit chain targets iOS 10.3 through 10.3.3...

In-the-wild iOS Exploit Chain 5

Posted by Ian Beer, Project Zero TL;DR This exploit chain is a three way collision between this attacker group, Brandon Azad from Project Zero, and @S0rryMybad from 360 security. On November 17th 2018, @S0rryMybad used this vulnerability to win $200,000 USD at the TianFu Cup PWN competition...