Tag: macOS
-
CISA Issues Alert on Actively Exploited Apple 0-Day Vulnerabilities
Tags: apple, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, macOS, ransomware, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority warning regarding two critical zero-day vulnerabilities impacting a wide range of Apple devices. The flaws, which impact the latest versions of iOS, iPadOS, macOS, and other Apple products, are believed to be actively exploited in the wild, though connections to ransomware campaigns remain unconfirmed.…
-
Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks
Find out the specifics of these iOS and macOS vulnerabilities, as well as which Apple devices were impacted. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-patches-zero-days-ios-macos/
-
Hackers target Apple users in an ‘extremely sophisticated attack’
Flaws patched across the board: According to the NVD description, Apple issued a fix for all impacted operating systems. Patched Apple OS rollouts include tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1, iPadOS 18.4.1, and macOS Sequoia 15.4.1.Specific iPhones and iPads that shall be receiving the patch include iPhone XS and later, iPad Pro 13-inch, iPad Pro…
-
Apple released emergency updates for actively exploited flaws
Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out”‘of”‘band security updates to address two vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, impacting iOS, iPadOS & macOS. The company confirmed that the flaws have been exploited in a small number of “extremely sophisticated” attacks against iOS targets.…
-
Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/apple-plugs-zero-days-holes-used-in-targeted-iphone-attacks-cve-2025-31200-cve-2025-31201/
-
Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/17/apple-plugs-zero-days-holes-used-in-targeted-iphone-attacks-cve-2025-31200-cve-2025-31201/
-
CVE-2025-31200: Apple Patches Two Actively Exploited Zero-Days
Apple has rolled out critical security updates across its ecosystem, including iOS, iPadOS, macOS Sequoia, tvOS, and visionOS, to address two newly discovered zero-day vulnerabilities that are currently being exploited in real-world attacks. Two Actively Exploited Zero-Day Flaws Patched The… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-31200-zero-days-apple/
-
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.The vulnerabilities in question are listed below -CVE-2025-31200 (CVSS score: 7.5) – A memory corruption vulnerability in the Core Audio framework that could allow code execution…
-
UNC5174 Deploys SNOWLIGHT Malware in Linux and macOS Attacks
A threat group believed to have ties with China’s state-sponsored cyber operations, identified as UNC5174, has launched a stealthy and technically advanced cyber campaign aimed at Linux and macOS environments. According to new research published by Sysdig, the group is… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/unc5174-snowlight-malware-linux-macos/
-
BSidesLV24 Breaking Ground Chrome Cookie Theft On macOS, And How To Prevent It
Author/Presenter: Nick Frost Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/bsideslv24-breaking-ground-chrome-cookie-theft-on-macos-and-how-to-prevent-it/
-
Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities
Apple has also fixed vulnerabilities in iPadOS 17.7.6, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5, as well as its recently released iOS 18.4. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-security-fixes-ios-15-16/
-
Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
Apple has released a series of critical security updates to address vulnerabilities that were actively exploited as zero-day threats. These updates include backported patches for older versions of iOS, iPadOS, macOS, and watchOS, aiming to secure devices that may still be running outdated software. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apple-backports-zero-day-patches/
-
Apple backported fixes for three actively exploited flaws to older devices
Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models. Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices: Follow me on Twitter:@securityaffairsandFacebookandMastodon PierluigiPaganini (SecurityAffairs hacking, newsletter) First seen on…
-
Altgeräte bedrohen Sicherheit in Unternehmen
Tags: access, apache, authentication, botnet, bug, cisco, cloud, cve, cyberattack, dns, endpoint, firewall, Hardware, intelligence, Internet, ivanti, lazarus, linux, macOS, network, open-source, password, radius, ransomware, risk, router, sans, service, software, supply-chain, threat, update, vulnerabilitySchwachstellen in alten Netzwerkgeräten stellen ein erhebliches Sicherheitsrisiko für Unternehmen dar.Eine Analyse von Ciscos Threat-Intelligence-Team Talos zeigt, zwei der drei häufigsten Schwachstellen, auf die es Angreifer im Jahr 2024 abgesehen hatten, waren in alten Netzwerkgeräten zu finden. Das Problem ist, dass Hersteller dazu keine Patches mehr herausgeben.’Dies unterstreicht, wie wichtig es ist, veraltete Komponenten des…
-
Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems.The vulnerabilities in question are listed below -CVE-2025-24085 (CVSS score: 7.3) – A use-after-free bug in the Core Media component that could permit a malicious application already installed on…
-
Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems.The vulnerabilities in question are listed below -CVE-2025-24085 (CVSS score: 7.3) – A use-after-free bug in the Core Media component that could permit a malicious application already installed on…
-
Volume of attacks on network devices shows need to replace end of life devices quickly
Tags: access, apache, attack, authentication, best-practice, breach, cloud, control, credentials, cve, cyber, dns, endpoint, espionage, exploit, firewall, flaw, government, group, Hardware, infrastructure, injection, Internet, ivanti, lazarus, macOS, monitoring, network, north-korea, open-source, password, risk, router, russia, sans, service, software, threat, tool, update, vulnerabilityCVE-2023-1389, a vulnerability in TP-Link Archer AX21 router;CVE-2024-3400, a hole in Palo Alto Networks PAN-OS firewall operating system;CVE-2023-36845, a vulnerability in Juniper Networks Junos OS operating system;CVE-2021-44529, a vulnerability in Ivanti Endpoint Manager Cloud Service Appliance;CVE-2023-38035, a hole in Ivanti Sentry security gateway;CVE-2024-36401, a vulnerability in OSGeo GeoServer;CVE-2024-0012, a vulnerability in Palo Alto Neworks PAN-OS…
-
New ReaderUpdate macOS Malware Loader Variants Emerge
First seen on scworld.com Jump to article: www.scworld.com/brief/new-readerupdate-macos-malware-loader-variants-emerge
-
New “ReaderUpdate” macOS Malware Evolves with Nim and Rust Variants
Security researchers at SentinelOne have discovered that ReaderUpdate, a macOS malware loader platform that has been active since at least 2020, has significantly evolved with new variants written in multiple programming languages. The malware, which previously went relatively unnoticed by many vendors, now includes versions written in Crystal, Nim, Rust, and most recently Go, in…
-
New ReaderUpdate malware variants target macOS users
New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. ReaderUpdate is a macOS malware loader that has been active since 2020, the malicious code…
-
VMware plugs a high-risk vulnerability affecting its Windows-based virtualization
Patching is the only workaround: Broadcom advisory noted that the flaw does not have any workarounds and customers must apply patches rolled out on Tuesday to defend against exploitation.Affected products include all 11.x and 12.x versions of VMware tools for Windows, and are patched in the 12.5.1[1] rollout. VMware tools for Linux and macOS remain…
-
macOS Users Warned of New Versions of ReaderUpdate Malware
macOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages. The post macOS Users Warned of New Versions of ReaderUpdate Malware appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/macos-users-warned-of-new-versions-of-readerupdate-malware/
-
Take these 5 steps to protect against macOS security gaps
Tags: macOSFirst seen on scworld.com Jump to article: www.scworld.com/perspective/take-these-5-steps-to-protect-against-macos-security-gaps
-
Albabat Ransomware Expands Reach to Target Linux and macOS Platforms
A recent report from Trend Micro has revealed that a new variant of the Albabat ransomware now targets Linux and macOS platforms, marking a significant expansion in its capabilities. Previously limited to Windows systems, this updated strain demonstrates the evolving sophistication of ransomware threats. The malware is still under active development, with its multi-OS functionality…
-
New Phishing Campaign Targets macOS Users with Fake Security Alerts
LayerX Labs reports a sophisticated macOS phishing campaign, evading security measures. Learn how attackers adapt and steal credentials from Mac users. First seen on hackread.com Jump to article: hackread.com/new-phishing-campaign-targeted-at-mac-users/
-
New phishing campaign uses scareware to steal Apple credentials
The campaign previously targeted Windows users: According to LayerX researchers, the campaign has been seen targeting Mac users only in the last few months. Initially, it targeted Windows users by masquerading as Microsoft security alerts.Designed to steal user credentials, threat actors have apparently shifted focus to Mac users owing to new security features being rolled…
-
Albabat Ransomware Expands Targets, Abuses GitHub
New versions of the Albabat ransomware target Windows, Linux, and macOS, and retrieve configuration files from GitHub. The post Albabat Ransomware Expands Targets, Abuses GitHub appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/albabat-ransomware-expands-targets-abuses-github/
-
Researchers Reveal macOS Vulnerability Exposing System Passwords
A recent article by Noah Gregory has highlighted a significant vulnerability in macOS, identified as CVE-2024-54471, which was patched in the latest security updates for macOS Sequoia 15.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1. This vulnerability could potentially expose system passwords, emphasizing the importance of updating macOS devices to the latest versions. Background and…