0 Members and 1 Guest are viewing this topic.
Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!Canadian privacy and cybersecurity activist group The Citizen Lab just announced a zero-day security hole in Apple’s iPhone, iPad and Macintosh operating systems.To check for updates (and automatically fetch them if they haven’t been downloaded automatically yet), do this:* On an iPad or iPhone. Go to Settings > General > Software Update. If you are using iOS 14, you want 14.8.* On a MacBook laptop or a desktop Mac. Go to Apple menu > System Preferences > Software Update. If you are using macOS Big Sur 11, you want 11.6.
Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. Apple zero-days run rampant in 2021It has been a very busy year for Apple with what seems like an unending streaming of zero-day vulnerabilities used in targeted attacks against iOS and Mac devices.
Apple emergency update fixes zero-days used to hack iPhones, MacsApple has released security updates on Thursday to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs.Zero-day security bugs are flaws the software vendor is unaware of and hasn't patched. The list of impacted devices includes: Macs running macOS Monterey iPhone 6s and later iPad Pro (all), iPad Air 2 and later, iPad 5th gen and later, iPad mini 4 and later, iPod touch (7th gen)Even though these zero-days were likely only used in targeted attacks, it's still strongly advised to install today's security updates as soon as possible to block potential attack attempts.
Here’s how to check your update status, and get the updates right away if you don’t have them already: On your iPhone or iPad: Settings > General > Software Update On your Mac: Apple menu > About this Mac > Software Update…
Apple emergency update fixes zero-day used to hack Macs, WatchesApple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices.Zero-days are security flaws that the software vendor is unaware of and hasn't yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch arrives or may be actively exploited in the wild.The list of impacted devices includes Apple Watch Series 3 or late, Macs running macOS Big Sur, Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD.Although this zero-day was most probably only used in targeted attacks, it's still strongly advised to install today's macOS and watchOS security updates as soon as possible to block attack attempts.
Apple security updates fix 2 zero-days used to hack iPhones, MacsApple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.Zero-day vulnerabilities are security flaws known by attackers or researchers before the software vendor has become aware or been able to patch them. In many cases, zero-days have public proof-of-concept exploits or are actively exploited in attacks.Today, Apple has released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to resolve two zero-day vulnerabilities that are reported to have been actively exploited.The list of devices affected by both vulnerabilities are: Macs running macOS Monterey iPhone 6s and later iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).Likely, these zero-days were only used in targeted attacks, but it's still strongly advised to install today's security updates as soon as possible.
What to do?Patch at once!At the time of writing, Apple has published advisories for iPad OS 15 and iOS 15, which both get updated version numbers of 15.6.1, and for macOS Monterey 12, which gets an updated version number of 12.5.2. On your iPhone or iPad: Settings > General > Software Update On your Mac: Apple menu > About this Mac > Software Update… There’s also an update that takes watchOS to version 8.7.1, but that update doesn’t list any CVE numbers, and doesn’t have a security advisory of its own.There’s no word on whether the older supported versions of macOS (Big Sur and Catalina) are affected but don’t yet have updates available, or whether tvOS is vulnerable but not yet patched.
Apple backports fix for actively exploited iOS zero-day to older iPhonesApple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.The list of devices today's security updates apply to includes iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation), all of them running iOS 12.5.6.Although this zero-day vulnerability was most likely only used in targeted attacks, it's still strongly advised to install today's iOS security updates as soon as possible to block potential attack attempts.
Apple fixes eighth zero-day used to hack iPhones and Macs this yearApple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year.The complete list of impacted devices includes:* iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation* and Macs running macOS Big Sur 11.7 and macOS Monterey 12.6Apple also backported patches for another zero-day to Macs running macOS Big Sur 11.7
Apple fixes recently disclosed zero-day on older iPhones, iPadsThe list of impacted devices includes iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).Even though this zero-day was most likely only used in targeted attacks, it's strongly suggested to patch even older devices as soon as possible to block potential attack attempts.This is the ninth zero-day Apple has fixed since the start of this year.
Apple releases macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1 to patch two security issuesApple has released the macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1 for all users. The updates patch two security vulnerabilities in the operating systems.
Apple fixes new Webkit zero-day used in attacks against iPhonesIn security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones.Apple addressed the zero-day vulnerability with improved state handling for the following devices iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).Even though this zero-day flaw was likely used in highly-targeted attacks, it is still suggested to install today's security updates as soon as possible.
Apple patches everythingTo summarise, the versions you want to see after you’ve upgraded are as follows: macOS Ventura 13.1 macOS Monterey 12.6.2 macOS Big Sur 11.7.2 tvOS 16.2 watchOS 9.2 iOS 16.2 (recent devices only) iPadOS 16.2 (recent devices only) iOS 15.7.2 (earlier devices, back to iPhone 6s) iPadOS 15.7.2 (earlier devices, including iPod touch 7th gen) If you’ve got Big Sur or Monterey, you’ll also need a separate update to take you to Safari 16.2 to fix a number of browser and web-rendering bugs. (Other platform updates get their Safari fixes bundled in.)
Apple fixes new WebKit zero-day exploited to hack iPhones, MacsApple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs.The complete list of impacted devices is quite extensive, as the bug affects older and newer models, and it includes:* iPhone 8 and later* iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later* Macs running macOS Ventura
Apple fixes recently disclosed zero-days on older iPhones and iPadsApple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs.Today, Apple addressed the zero-days in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 by improving input validation and memory management.The company says the bugs are now also patched on the following list of devices: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), and Macs running macOS Monterey and Big Sur.
Apple fixes three new zero-days exploited to hack iPhones, MacsApple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.The list of impacted devices is quite extensive, as the bug affects older and newer models, and it includes: iPhone 6s (all), iPhone 7 (all), iPhone SE (1st gen), iPad Air 2, iPad mini (4th gen), iPod touch (7th gen), and iPhone 8 and later iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later Macs running macOS Big Sur, Monterey, and Ventura Apple Watch Series 4 and later Apple TV 4K (all models) and Apple TV HD
Author
Topic: Apple attack (Read 2169 times)
