Tag: apple
-
Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework
Google Project Zero has revealed a new technique capable of bypassing Address Space Layout Randomization (ASLR) protections on Apple devices. The finding, published by security researcher Jann Horn, stresses a novel way attackers could exploit deterministic behaviors in Apple’s serialization framework, specifically within First seen on thecyberexpress.com Jump to article: thecyberexpress.com/project-zero-exposes-aslr-bypass/
-
SMS Pools and what the US Secret Service Really Found Around New York
Tags: apple, authentication, business, china, conference, control, country, credit-card, crime, crypto, data, email, exploit, finance, fraud, google, group, Hardware, infrastructure, iphone, jobs, korea, law, linux, mfa, mobile, phishing, phone, scam, service, smishing, software, theft, usa, windowsLast week the United Nations General Assembly kicked off in New York City. On the first day, a strange US Secret Service press conference revealed that they had seized 300 SIM Servers with 100,000 SIM cards. Various media outlets jumped on the idea that this was some state-sponsored sleeper cell waiting to destroy telecommunication services…
-
New ModStealer Evades Antivirus, Targets macOS Users to Steal Sensitive Data
A sophisticated new malware strain targeting macOS users has emerged, capable of bypassing traditional antivirus solutions while specifically targeting developers and cryptocurrency holders. The cross-platform threat, dubbed ModStealer, represents the latest evolution in macOS-focused cybercrime, highlighting the growing security challenges facing Apple users in 2024. ModStealer was first identified by cybersecurity firm Mosyle and reported through…
-
Google Project Zero Discloses Apple Vulnerability Allowing ASLR Bypass
Google Project Zero researcher Jann Horn has disclosed a novel vulnerability in Apple’s macOS and iOS systems that could potentially allow attackers to bypass Address Space Layout Randomization (ASLR) protections through pointer leaks in serialization processes. Vulnerability Overview The vulnerability exploits a technique that leverages pointer-keyed data structures in Apple’s NSKeyedArchiver serialization framework to leak…
-
Google Project Zero Discloses Apple Vulnerability Allowing ASLR Bypass
Google Project Zero researcher Jann Horn has disclosed a novel vulnerability in Apple’s macOS and iOS systems that could potentially allow attackers to bypass Address Space Layout Randomization (ASLR) protections through pointer leaks in serialization processes. Vulnerability Overview The vulnerability exploits a technique that leverages pointer-keyed data structures in Apple’s NSKeyedArchiver serialization framework to leak…
-
Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects
Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses First seen on theregister.com Jump to article: www.theregister.com/2025/09/26/microsoft_xcsset_macos/
-
Apple’s Feedback to EU Commission: Repeal Digital Markets Act
Tags: appleThe EU will have to wait to get Live Translation and other features as Apple works on complying with the Digital Markets Act regulation. The post Apple’s Feedback to EU Commission: Repeal Digital Markets Act appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-repeal-eu-digital-markets-act/
-
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks.”This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms,” the Microsoft Threat Intelligence team said in a Thursday report.”It employs sophisticated encryption and obfuscation First seen…
-
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools.”In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware,” researchers Alex Cox, Mike Kosak, and First seen on thehackernews.com…
-
Apple Releases iOS 26, macOS Tahoe 26 and 50+ Security Fixes
Apple just fixed more than 50 security flaws across iPhone, iPad, Mac, Watch, TV, and Vision Pro. The post Apple Releases iOS 26, macOS Tahoe 26 and 50+ Security Fixes appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-ios26-macos26-release-security-fixes/
-
The Industry’s Passkey Pivot Ignores a Deeper Threat: Device-Level Infections
Passkeys Are Progress, But They’re Not Protection Against Everything The cybersecurity community is embracing passkeys as a long-overdue replacement for passwords. These cryptographic credentials, bound to a user’s device, eliminate phishing and prevent credential reuse. Major players, like Google, Apple, Microsoft, GitHub, and Okta, have made passkey login widely available across consumer and enterprise services….…
-
Apple patches critical zero-day in ImageIO amid reports of targeted exploits
Attackers shifting to core image services: Attackers seem to be moving focus to image processing modules in core system software, rather than going after obvious network-facing services or applications. Last week, Samsung patched a critical bug (CVE-2025-21043) affecting its supplied image library ‘libimagecodec.quram.so’ that allowed remote code execution via a crafted image with zero user…
-
Apple patches critical zero-day in ImageIO amid reports of targeted exploits
Attackers shifting to core image services: Attackers seem to be moving focus to image processing modules in core system software, rather than going after obvious network-facing services or applications. Last week, Samsung patched a critical bug (CVE-2025-21043) affecting its supplied image library ‘libimagecodec.quram.so’ that allowed remote code execution via a crafted image with zero user…
-
Apple Patches 0-Day Vulnerabilities in Older iPhones and iPads
Apple has released critical security updates for older iPhone and iPad models, addressing a zero-day vulnerability that has reportedly been exploited in sophisticated targeted attacks. The iOS 16.7.12 and iPadOS 16.7.12 updates, released on September 15, 2025, patch a serious security flaw affecting legacy Apple devices. Active Exploitation Confirmed The vulnerability, tracked as CVE-2025-43300, represents…
-
Apple backports fix for actively exploited CVE-2025-43300
Apple announced it has backported patches for a recently addressed actively exploited vulnerability tracked as CVE-2025-43300. Apple has backported security patches released to address an actively exploited vulnerability tracked as CVE-2025-43300. In August 2025, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and macOS. The vulnerability is zero-day out-of-bounds write issue that resides…
-
Apple backports fix for actively exploited CVE-2025-43300
Apple announced it has backported patches for a recently addressed actively exploited vulnerability tracked as CVE-2025-43300. Apple has backported security patches released to address an actively exploited vulnerability tracked as CVE-2025-43300. In August 2025, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and macOS. The vulnerability is zero-day out-of-bounds write issue that resides…
-
Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs
The tech giant doesn’t provide details about the severity of vulnerabilities it discloses, but none of the new defects are under active attack. First seen on cyberscoop.com Jump to article: cyberscoop.com/apple-security-updates-september-2025/
-
Apple 0-day likely used in spy attacks affected devices as old as iPhone 8
May have been used in ‘extremely sophisticated’ attacks against ‘specific targeted individuals’ First seen on theregister.com Jump to article: www.theregister.com/2025/09/16/apple_0day_spy_attacks/
-
Apple backports zero-day patches to older iPhones and iPads
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in “extremely sophisticated” attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-backports-zero-day-patches-to-older-iphones-and-ipads/
-
Apple backports zero-day patches to older iPhones and iPads
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in “extremely sophisticated” attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-backports-zero-day-patches-to-older-iphones-and-ipads/
-
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file.”Apple is aware of a report that this issue…
-
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file.”Apple is aware of a report that this issue…
-
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file.”Apple is aware of a report that this issue…
-
Apple Releases Security Update Patching Multiple Vulnerabilities in iOS 26 and iPadOS 26
Apple has released a comprehensive security update for iOS 26 and iPadOS 26, addressing27 vulnerabilitiesacross multiple system components. The update, released on September 15, 2025, targets devices including iPhone 11 and later models, along with various iPad generations from iPad Pro 12.9-inch 3rd generation onwards. Critical System Components Affected The security patches span 23 different system…
-
Seit Monaten bekannt: Millionen Fahrzeuge mit ungepatchter Carplay-Lücke
Eine seit April bekannte Sicherheitslücke gefährdet unzählige Autos mit Apple Carplay. Patches gibt es zwar, doch kommen diese nicht beim Endkunden an. First seen on golem.de Jump to article: www.golem.de/news/seit-monaten-bekannt-millionen-fahrzeuge-mit-ungepatchter-carplay-luecke-2509-200091.html
-
Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages
A similar vuln on Apple devices was used against ‘specific targeted users’ First seen on theregister.com Jump to article: www.theregister.com/2025/09/12/samsung_fixes_android_0day/
-
French Advisory Sheds Light on Apple Spyware Activity
CERT-FR’s advisory follows last month’s disclosure of a zero-day flaw Apple said was used in sophisticated attacks against targeted individuals. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/french-sheds-light-apple-spyware-activity
-
Chinese Guarantee Syndicates and the Fruit Machine
When I was speaking to a group of Bank Security people in New York City yesterday, I mentioned “machine rooms” — which are rooms full of Apple iPhones that are used to send iMessage phishing spam. Someone in the audience asked “Where would they get that many phones?” The kids like to use the acronym…