DarkSword iPhone Exploit Leaked Online, Hundreds of Millions at Risk

DarkSword exploit leak puts up to 270 million iPhones at risk, with hackers able to access data through…...

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an...

Apple’s Big Bet to Eliminate the iPhone’s Most Targeted Vulnerabilities

Alongside new iPhones, Apple released a new security architecture on Tuesday: Memory Integrity Enforcement aims to eliminate the most frequently exploited class of iOS bugs...

Rooted Androids 3,000x More Likely to Be Breached, Even iPhones Not Safe

A new Zimperium report reveals that rooted Android phones and jailbroken iOS devices face growing threats, with advanced toolkits making detection nearly impossible for cybersecurity researchers...

What Graykey Can and Can’t Unlock

This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple's mobile operating system,...

Auto-Rebooting iPhones Are Causing Chaos for Cops

Plus: Hot Topic confirms a customer data breach, Germany arrests a US citizen for allegedly passing military secrets to Chinese intelligence, and more...

PT-2024-31037 · Apple · Ipados +3

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.0.1 iPadOS versions prior to 18.0.1 Description: A logic issue was addressed with improved validation, allowing a user's saved passwords to be read aloud by VoiceOver. This issue is related to the VoiceOver feature in...

A Mysterious Leak Exposed Chinese Hacking Secrets

Plus: Scammers try to dupe Apple with 5,000 fake iPhones, Avast gets fined for selling browsing data, and researchers figure out how to clone fingerprints from your phone screen...

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirm...

Update now! Apple releases patch for zero-day vulnerability

Apple has released new security updates for several products, including a patch for a zero-day vulnerability that could impact iPhones, iPad, Macs, and Apple TVs. Apple says it’s aware of a report that the bug may have been exploited already. Further details about the nature of the vulnerability...

Apple Fixes First Actively Exploited Zero-day of 2024

Summary: The CVE-2024-23222 vulnerability in Apples WebKit is actively being exploited, as the processing of maliciously crafted web content may result in arbitrary code execution, posing a severe threat to the security and control of affected tvOS, iPhones, iPads, and macOS. Immediate updating i...

A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

Patching every device affected by the LeftoverLocals vulnerability—which includes some iPhones, iPads, and Macs—may prove difficult...

Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

By Waqas Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW! This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities...

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render...

Apple Tackles Zero-Day Flaws Impacting iPhones and Macs

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple has addressed zero-day vulnerability exploited in targeted attacks on iPhones, Macs, and iPads. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...

Brute-Forcing a Fingerprint Reader

Its neither hard nor expensive: Unlike password authentication, which requires a direct match between what is inputted and whats stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only...

Bypassing a Theft Threat Model

Thieves cut through the wall of a coffee shop to get to an Apple store, bypassing the alarms in the process. I wrote about this kind of thing in 2000, in Secrets and Lies page 318: My favorite example is a band of California art thieves that would break into peoples houses by cutting a hole in...

Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit

Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware...

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day...

Apple Addressed A Zero-day Vulnerability With An Emergency Security Update

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Apple has released an emergency security update to fix a zero-day vulnerability, CVE-2023-23529, that could be used to hack iPhones, iPads, and Macs. The vulnerability was found in WebKit and coul...