Tag: apple
-
Apple to Pay $95 Million in Siri Snooping Lawsuit Here’s How to Apply
by
in SecurityNews
Tags: appleDid Siri record you? Apple is paying $95 million over Siri snooping allegations. Find out if you’re eligible… First seen on hackread.com Jump to article: hackread.com/apple-95-million-siri-snooping-lawsuit-how-to-apply/
-
Multiple Apple software defects addressed
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/multiple-apple-software-defects-addressed
-
Wide-ranging Apple security update addresses over 30 vulnerabilities
by
in SecurityNewsApple said there is no indication of active exploitation for the listed vulnerabilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/apple-security-update-c1-modem-privacy-fixes-may-2025/
-
Apple Device Users Can File Claims in $95 Million Siri Spying Settlement
by
in SecurityNewsApple earlier this year agreed to a $95 settlement to end a lawsuit filed in 2021 that claimed the company’s AI-powered assistant Siri recorded users’ conversations even when it wasn’t prompted to do so. Now anyone who feels their privacy was violated by Siri have until July 2 to file a claim for a piece…
-
PoC Exploit Published for macOS Sandbox Escape Vulnerability (CVE-2025-31258)
by
in SecurityNewsSecurity researchers have disclosed a new macOS sandbox escape vulnerability tracked as CVE-2025-31258, accompanied by a proof-of-concept (PoC) exploit demonstrating partial sandbox bypass via Apple’s RemoteViewServices framework. The flaw, discovered by researcher wh1te4ever, exposes weaknesses in macOS’s inter-process communication (IPC) mechanisms that could enable attackers to execute arbitrary code outside application sandbox constraints. With the…
-
Hackers Abuse PyInstaller to Deploy Stealthy macOS Infostealer
by
in SecurityNewsJamf Threat Labs has identified a novel macOS infostealer that exploits PyInstaller, a legitimate open-source tool used to bundle Python scripts into standalone Mach-O executables. This marks the first documented instance of PyInstaller being weaponized to deploy infostealers on macOS, highlighting a sophisticated evolution in the tactics of cybercriminals targeting Apple’s ecosystem. Discovered in April…
-
Contempt order worsens Apple’s antitrust woes
by
in SecurityNewsA federal judge found Apple to be in contempt of an injunction ordering the company to make access to alternative payment options in the company’s App Store easier. First seen on techtarget.com Jump to article: www.techtarget.com/searchcio/news/366623650/Contempt-order-worsens-Apples-antitrust-woes
-
Google Researchers Use Mach IPC to Uncover Sandbox Escape Vulnerabilities
by
in SecurityNewsGoogle Project Zero researchers have uncovered new sandbox escape vulnerabilities in macOS using an innovative approach that leverages Mach Interprocess Communication (IPC) mechanisms-core components of Apple’s operating system. Their public research details how low-level message passing between privileged and sandboxed processes can be a dangerous attack vector, and offers open-source tools and code for the…
-
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
by
in SecurityNews
Tags: ai, api, apple, backdoor, credentials, cybersecurity, infrastructure, intelligence, macOS, malicious, threat, toolCybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor.”Disguised as developer tools offering ‘the cheapest Cursor API,’ these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor’s First seen on thehackernews.com Jump…
-
Researchers Uncover Remote Code Execution Flaw in macOS CVE-2024-44236
by
in SecurityNewsSecurity researchers Nikolai Skliarenko and Yazhi Wang of Trend Micro’s Research Team have disclosed critical details about CVE-2024-44236, a memory corruption vulnerability in Apple’s macOS Scriptable Image Processing System (sips). Discovered by Hossein Lotfi through Trend Micro’s Zero Day Initiative, this flaw allows arbitrary code execution via maliciously crafted ICC profile files. Patched in October…
-
New Attack Exploits X/Twitter Ad URL Feature to Deceive Users
by
in SecurityNewsSilent Push Threat Analysts have recently exposed a sophisticated financial scam leveraging a vulnerability in X/Twitter’s advertising display URL feature to deceive users. This attack manipulates the platform’s URL display mechanism to present a legitimate-looking link, such as “From CNN[.]com,” while redirecting unsuspecting victims to a malicious cryptocurrency scam site impersonating Apple’s brand. This campaign,…
-
Guess Which Browser Tops the List for Data Collection!
Google Chrome has emerged as the undisputed champion of data collection among 10 popular web browsers studied on the Apple App Store. Collecting a staggering 20 different data types, Chrome surpasses all competitors by a significant margin. From personal contact information and precise financial details-such as payment methods and card numbers-to location data, browsing history,…
-
‘AirBorne”-Sicherheitslücken: Milliarden Apple-Geräte in Gefahr
by
in SecurityNewsSicherheitsforscher von Oligo Security haben 23 Sicherheitslücken in Apple AirPlay entdeckt, die Milliarden von Apple-Geräten der Gefahr von Datendiebstahl und unberechtigtem Zugriff aussetzen. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/airborne–sicherheitslucken-milliarden-apple-gerate-in-gefahr
-
Softwareupdate – Apple schließt Zero-Day-Schwachstellen mit Patch für iOS 18
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/apple-ios-update-zero-day-schwachstellen-carplay-probleme-a-39b0e75ade847564bacdfc2804a8d88b/
-
Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
by
in SecurityNewsCybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple’s AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology.The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo.”These vulnerabilities can be chained by First seen on thehackernews.com Jump to article:…
-
Schwachstelle in Apples Find-My-Funktion – Forscher entwickeln Tool zur Ausnutzung von Satellitenkommunikation
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/satellitenkommunikation-iphones-sicherheitsluecken-a-ea2f93f9cd06f042ead5634ebc3c5aee/
-
Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities
by
in SecurityNewsOligo Security uncovers >>AirBorne,
-
Apple issues global spyware threat notifications
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/apple-issues-global-spyware-threat-notifications
-
Microsoft Switches to Passkeys By Default, Pledges to Eliminate Passwords
Apple and Google also pledged to use the FIDO Alliance’s standard for biometric or PIN logins as opposed to passwords. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-passwordless-world-password-day/
-
Cook’d: Judge says Apple lied to court in Epic case, asks Feds to mull criminal charges
by
in SecurityNewsCEO, senior execs ‘at every turn chose the most anti-competitive option’ First seen on theregister.com Jump to article: www.theregister.com/2025/05/01/apple_epic_lies_possible_crime/
-
Spionageangriffe erkannt: Apple warnt iPhone-Nutzer in 100 Ländern vor Spyware
by
in SecurityNewsUnzählige iPhone-Nutzer auf der ganzen Welt haben von Apple Spyware-Warnungen erhalten. Wer hinter den Angriffen steckt, ist allerdings unklar. First seen on golem.de Jump to article: www.golem.de/news/spionageangriffe-erkannt-apple-warnt-iphone-nutzer-in-100-laendern-vor-spyware-2505-195868.html
-
AirBorne: Schwachstellen in Apples AirPlay-Protokoll gefährden Geräte und Netzwerke
by
in SecurityNewsApple Geräte (Macs, iPads, iPhones) unterstützen AirPlay zur Übertragung von Musik, Fotos und Videos zwischen Geräten. Schwachstellen im Protokoll ermöglichen es, per WiFi die AirPlay-Geräte anzugreifen und sich so im Netzwerk zu bewegen. Was ist AirPlay? AirPlay ist eine proprietäre … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/02/airborne-schwachstellen-in-apples-airplay-protokoll-gefaehrden-geraete-und-netzwerke/
-
Apple notifies victims in 100 countries of likely spyware targeting
by
in SecurityNewsTwo of the known victims are an Italian journalist and the right-wing Dutch author and pundit Eva Vlaardingerbroek. First seen on therecord.media Jump to article: therecord.media/apple-spyware-victims-notified-countries
-
Apple notifies new victims of spyware attacks across the world
by
in SecurityNewsTwo alleged victims came forward claiming they received a spyware notification from Apple. First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/30/apple-notifies-new-victims-of-spyware-attacks-across-the-world/
-
23 Apple AirPlay Vulnerabilities ‘Could Have Far-Reaching Impacts’
by
in SecurityNewsThe so-called “AirBorne” flaws enable zero-click attacks and device takeover on local networks. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-airplay-airborne-vulnerabilities/
-
Apple Passwords Review (2025): Features, Pricing, and Security
by
in SecurityNewsApple Passwords provides robust security features, but is it capable of safeguarding your sensitive data? First seen on techrepublic.com Jump to article: www.techrepublic.com/article/apple-passwords-review/
-
AirBorne flaws can lead to fully hijack Apple devices
by
in SecurityNewsVulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can exploit the vulnerabilities to perform zero-/one-click RCE, bypass ACLs, read local files, steal data, and…
-
Wormable AirPlay Zero-Click RCE Flaw Allows Remote Device Hijack via Wi-Fi
by
in SecurityNewsA major set of vulnerabilities-collectively named “AirBorne”-in Apple’s AirPlay protocol and SDK have been unveiled, enabling an array of severe attack vectors. Most critically, these flaws allow zero-click “wormable” Remote Code Execution (RCE), meaning attackers can take over Apple and third-party devices via Wi-Fi without any user interaction. The impact spans billions of devices globally, including…