Author Topic: Apple attack  (Read 6473 times)

0 Members and 2 Guests are viewing this topic.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Apple attack
« on: Tuesday, 14 September, 2021 @ 12:58:33 »
Quote
Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!

Canadian privacy and cybersecurity activist group The Citizen Lab just announced a zero-day security hole in Apple’s iPhone, iPad and Macintosh operating systems.

To check for updates (and automatically fetch them if they haven’t been downloaded automatically yet), do this:

*    On an iPad or iPhone. Go to
      Settings > General > Software Update. If you are using iOS 14, you want 14.8.
*    On a MacBook laptop or a desktop Mac. Go to
      Apple menu > System Preferences > Software Update. If you are using macOS Big Sur 11, you want 11.6.
https://nakedsecurity.sophos.com/2021/09/14/apple-products-vulnerable-to-forcedentry-zero-day-attack-patch-now/


Quote
Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs.

Apple zero-days run rampant in 2021

It has been a very busy year for Apple with what seems like an unending streaming of zero-day vulnerabilities used in targeted attacks against iOS and Mac devices.
https://www.bleepingcomputer.com/news/apple/apple-fixes-ios-zero-day-used-to-deploy-nso-iphone-spyware/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #1 on: Friday, 01 April, 2022 @ 03:30:14 »
Quote
Apple emergency update fixes zero-days used to hack iPhones, Macs

Apple has released security updates on Thursday to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs.

Zero-day security bugs are flaws the software vendor is unaware of and hasn't patched.

The list of impacted devices includes:

    Macs running macOS Monterey
    iPhone 6s and later
    iPad Pro (all), iPad Air 2 and later, iPad 5th gen and later, iPad mini 4 and later, iPod touch (7th gen)

Even though these zero-days were likely only used in targeted attacks, it's still strongly advised to install today's security updates as soon as possible to block potential attack attempts.
https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-days-used-to-hack-iphones-macs/


Quote
Here’s how to check your update status, and get the updates right away if you don’t have them already:

    On your iPhone or iPad: Settings > General > Software Update
    On your Mac: Apple menu > About this Mac > Software Update…
https://nakedsecurity.sophos.com/2022/04/01/apple-pushes-out-two-emergency-0-day-updates-get-em-now/


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #2 on: Monday, 16 May, 2022 @ 23:46:56 »
Quote
Apple emergency update fixes zero-day used to hack Macs, Watches

Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices.

Zero-days are security flaws that the software vendor is unaware of and hasn't yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch arrives or may be actively exploited in the wild.

The list of impacted devices includes Apple Watch Series 3 or late, Macs running macOS Big Sur, Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD.

Although this zero-day was most probably only used in targeted attacks, it's still strongly advised to install today's macOS and watchOS security updates as soon as possible to block attack attempts.
https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-day-used-to-hack-macs-watches/


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #3 on: Thursday, 18 August, 2022 @ 03:19:06 »
Quote
Apple security updates fix 2 zero-days used to hack iPhones, Macs

Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.

Zero-day vulnerabilities are security flaws known by attackers or researchers before the software vendor has become aware or been able to patch them. In many cases, zero-days have public proof-of-concept exploits or are actively exploited in attacks.

Today, Apple has released macOS Monterey 12.5.1 and  iOS 15.6.1/iPadOS 15.6.1 to resolve two zero-day vulnerabilities that are reported to have been actively exploited.

The list of devices affected by both vulnerabilities are:

    Macs running macOS Monterey
    iPhone 6s and later
    iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Likely, these zero-days were only used in targeted attacks, but it's still strongly advised to install today's security updates as soon as possible.
https://www.bleepingcomputer.com/news/security/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs/


Quote
What to do?

Patch at once!

At the time of writing, Apple has published advisories for iPad OS 15 and iOS 15, which both get updated version numbers of 15.6.1, and for macOS Monterey 12, which gets an updated version number of 12.5.2.

    On your iPhone or iPad: Settings > General > Software Update
    On your Mac: Apple menu > About this Mac > Software Update…

There’s also an update that takes watchOS to version 8.7.1, but that update doesn’t list any CVE numbers, and doesn’t have a security advisory of its own.

There’s no word on whether the older supported versions of macOS (Big Sur and Catalina) are affected but don’t yet have updates available, or whether tvOS is vulnerable but not yet patched.
https://nakedsecurity.sophos.com/2022/08/18/apple-patches-double-zero-day-in-browser-and-kernel-update-now/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #4 on: Thursday, 01 September, 2022 @ 08:02:16 »
Quote
Apple backports fix for actively exploited iOS zero-day to older iPhones

Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.

The list of devices today's security updates apply to includes iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation), all of them running iOS 12.5.6.

Although this zero-day vulnerability was most likely only used in targeted attacks, it's still strongly advised to install today's iOS security updates as soon as possible to block potential attack attempts.
https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-actively-exploited-ios-zero-day-to-older-iphones/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #5 on: Monday, 12 September, 2022 @ 23:26:08 »
Quote
Apple fixes eighth zero-day used to hack iPhones and Macs this year

Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year.

The complete list of impacted devices includes:

*    iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation
*    and Macs running macOS Big Sur 11.7 and macOS Monterey 12.6

Apple also backported patches for another zero-day to Macs running macOS Big Sur 11.7
https://www.bleepingcomputer.com/news/security/apple-fixes-eighth-zero-day-used-to-hack-iphones-and-macs-this-year/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #6 on: Friday, 28 October, 2022 @ 12:50:34 »
Quote
Apple fixes recently disclosed zero-day on older iPhones, iPads

The list of impacted devices includes iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Even though this zero-day was most likely only used in targeted attacks, it's strongly suggested to patch even older devices as soon as possible to block potential attack attempts.

This is the ninth zero-day Apple has fixed since the start of this year.
https://www.bleepingcomputer.com/news/security/apple-fixes-recently-disclosed-zero-day-on-older-iphones-ipads/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #7 on: Friday, 11 November, 2022 @ 00:04:14 »
Quote
Apple releases macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1 to patch two security issues

Apple has released the macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1 for all users. The updates patch two security vulnerabilities in the operating systems.
https://www.ghacks.net/2022/11/10/whats-new-in-macos-ventura-13-0-1-ios-16-1-1-and-ipados-16-1-1/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #8 on: Wednesday, 14 December, 2022 @ 02:58:21 »
Quote
Apple fixes new Webkit zero-day used in attacks against iPhones

In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones.

Apple addressed the zero-day vulnerability with improved state handling for the following devices iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Even though this zero-day flaw was likely used in highly-targeted attacks, it is still suggested to install today's security updates as soon as possible.
https://www.bleepingcomputer.com/news/apple/apple-fixes-new-webkit-zero-day-used-in-attacks-against-iphones/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #9 on: Wednesday, 14 December, 2022 @ 15:14:29 »
Quote
Apple patches everything

To summarise, the versions you want to see after you’ve upgraded are as follows:

    macOS Ventura 13.1
    macOS Monterey 12.6.2
    macOS Big Sur 11.7.2
    tvOS 16.2
    watchOS 9.2
    iOS 16.2 (recent devices only)
    iPadOS 16.2 (recent devices only)
    iOS 15.7.2 (earlier devices, back to iPhone 6s)
    iPadOS 15.7.2 (earlier devices, including iPod touch 7th gen)

If you’ve got Big Sur or Monterey, you’ll also need a separate update to take you to Safari 16.2 to fix a number of browser and web-rendering bugs. (Other platform updates get their Safari fixes bundled in.)
https://nakedsecurity.sophos.com/2022/12/14/apple-patches-everything-finally-reveals-mystery-of-ios-16-1-2/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #10 on: Tuesday, 14 February, 2023 @ 02:56:33 »
Quote
Apple fixes new WebKit zero-day exploited to hack iPhones, Macs

Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs.

The complete list of impacted devices is quite extensive, as the bug affects older and newer models, and it includes:

*    iPhone 8 and later
*    iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th
       generation and later
*    Macs running macOS Ventura
https://www.bleepingcomputer.com/news/security/apple-fixes-new-webkit-zero-day-exploited-to-hack-iphones-macs/


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #11 on: Tuesday, 11 April, 2023 @ 13:36:19 »
Quote
Apple fixes recently disclosed zero-days on older iPhones and iPads

Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs.

Today, Apple addressed the zero-days in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 by improving input validation and memory management.

The company says the bugs are now also patched on the following list of devices:

    iPhone 6s (all models),
    iPhone 7 (all models),
    iPhone SE (1st generation),
    iPad Air 2,
    iPad mini (4th generation),
    iPod touch (7th generation),
    and Macs running macOS Monterey and Big Sur.
https://www.bleepingcomputer.com/news/apple/apple-fixes-recently-disclosed-zero-days-on-older-iphones-and-ipads/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #12 on: Friday, 19 May, 2023 @ 11:35:43 »
Quote
Apple fixes three new zero-days exploited to hack iPhones, Macs

Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.

The list of impacted devices is quite extensive, as the bug affects older and newer models, and it includes:

    iPhone 6s (all), iPhone 7 (all), iPhone SE (1st gen), iPad Air 2, iPad mini (4th gen), iPod touch (7th gen), and iPhone 8 and later
    iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
    Macs running macOS Big Sur, Monterey, and Ventura
    Apple Watch Series 4 and later
    Apple TV 4K (all models) and Apple TV HD
https://www.bleepingcomputer.com/news/apple/apple-fixes-three-new-zero-days-exploited-to-hack-iphones-macs/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #13 on: Thursday, 22 June, 2023 @ 16:20:24 »
Quote
Apple fixes zero-days used to deploy Triangulation spyware via iMessage

Apple addressed three new zero-day vulnerabilities exploited in attacks installing Triangulation spyware on iPhones via iMessage zero-click exploits.

The attacks started in 2019 and are still ongoing, according to Kaspersky, who reported in early June that some iPhones on its network were infected with previously unknown spyware via iMessage zero-click exploits that exploited iOS zero-day bugs.

The company addressed the three zero-days in macOS Ventura 13.4.1, macOS Monterey 12.6.7, macOS Big Sur 11.7.8, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, watchOS 9.5.2, and watchOS 8.8.1 with improved checks, input validation, and state management.

The list of affected devices is quite extensive, as the zero-day affects older and newer models, and it includes:

    iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
    iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
    Macs running macOS Big Sur, Monterey, and Ventura
    Apple Watch Series 4 and later, Apple Watch Series 3, Series 4, Series 5, Series 6, Series 7, and SE
https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-days-used-to-deploy-triangulation-spyware-via-imessage/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #14 on: Monday, 10 July, 2023 @ 22:28:32 »
Quote
Apple releases emergency update to fix zero-day exploited in attacks

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

Today's list of emergency patches includes:

    macOS Ventura 13.4.1 (a)
    iOS 16.5.1 (a)
    iPadOS 16.5.1 (a)
https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #15 on: Tuesday, 25 July, 2023 @ 01:06:07 »
Quote
Apple fixes new zero-day used in attacks against iPhones, Macs

Apple has released security updates to address zero-day vulnerabilities exploited in attacks targeting iPhones, Macs, and iPads.

The list of devices impacted by the two zero-days fixed today is quite extensive, and it includes a wide range of iPhone and iPad models, as well as Macs running macOS Big Sur, Monterey, and Ventura.
https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-used-in-attacks-against-iphones-macs/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #16 on: Friday, 08 September, 2023 @ 18:36:48 »
Quote
Apple zero-click iMessage exploit used to infect iPhones with spyware

Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones.

Citizen Lab also urged Apple customers to update their devices immediately and encouraged those at risk of targeted attacks due to their identity or profession to activate Lockdown Mode.

The list of affected devices includes:

    iPhone 8 and later
    iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
    Macs running macOS Ventura
    Apple Watch Series 4 and later
https://www.bleepingcomputer.com/news/security/apple-zero-click-imessage-exploit-used-to-infect-iphones-with-spyware/


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #17 on: Friday, 22 September, 2023 @ 08:47:36 »
Quote
Apple emergency updates fix 3 new zero-days exploited in attacks

Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days fixed this year.

The list of impacted devices encompasses older and newer device models, and it includes:

    iPhone 8 and later
    iPad mini 5th generation and later
    Macs running macOS Monterey and newer
    Apple Watch Series 4 and later
https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-3-new-zero-days-exploited-in-attacks/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #18 on: Thursday, 05 October, 2023 @ 14:58:23 »
Quote
Apple emergency update fixes new zero-day used to hack iPhones

Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users.

The list of impacted devices is quite extensive, and it includes:

    iPhone XS and later
    iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Today's iOS 17.0.3 release also addresses a known issue causing iPhones running iOS 17.0.2 and lower to overheat.
https://www.bleepingcomputer.com/news/apple/apple-emergency-update-fixes-new-zero-day-used-to-hack-iphones/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #19 on: Friday, 13 October, 2023 @ 11:10:54 »
Quote
Apple fixes iOS Kernel zero-day vulnerability on older iPhones

Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks.

The list of devices impacted by the two zero-day bugs is extensive, and it includes:

    iPhone 8 and later
    iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
https://www.bleepingcomputer.com/news/security/apple-fixes-ios-kernel-zero-day-vulnerability-on-older-iphones/


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #20 on: Saturday, 25 November, 2023 @ 20:03:34 »
Quote
Atomic Stealer malware strikes macOS via fake browser updates

The 'ClearFake' fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware.

The ClearFake campaign started in July this year to target Windows users with fake Chrome update prompts that appear on breached sites via JavaScript injections.

The ClearFake campaign now targeting Macs is a reminder for Apple users to strengthen their security and be careful with downloads, especially prompts to update your browser when visiting websites... all Safari browser updates will be distributed through macOS's Software Update, or for other browsers, within the browser itself.

Therefore, if you see any prompts to download browser updates on websites, they should be ignored.
https://www.bleepingcomputer.com/news/security/atomic-stealer-malware-strikes-macos-via-fake-browser-updates/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #21 on: Monday, 04 December, 2023 @ 15:02:27 »
Quote
New proxy malware targets Mac users through pirated software

Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on warez sites.

Proxy trojan malware infects computers, turning them into traffic-forwarding terminals used to anonymize malicious or illegal activities such as hacking, phishing, and transactions for illicit goods.

The campaign takes advantage of people's willingness to risk their computer's security to avoid paying for premium apps.

Kaspersky found 35 image editing, video compression and editing, data recovery, and network scanning tools laced with the proxy trojan to bait users looking for free versions of commercial software.
https://www.bleepingcomputer.com/news/security/new-proxy-malware-targets-mac-users-through-pirated-software/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #22 on: Tuesday, 23 January, 2024 @ 04:09:57 »
Quote
Apple fixes first zero-day bug exploited in attacks this year

Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs.

While this zero-day vulnerability was likely only used in targeted attacks, installing today's security updates as soon as possible is highly advised to block potential attack attempts.
https://www.bleepingcomputer.com/news/apple/apple-fixes-first-zero-day-bug-exploited-in-attacks-this-year/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #23 on: Wednesday, 24 January, 2024 @ 23:15:44 »
Quote
How to protect your private information from phone thieves with Apple’s latest update

With a phone stolen every six minutes in the capital and mobile theft up 73% in the past five years, protecting your data has become imperative.

This week, Apple released their latest update iOS 17.3 which includes their Stolen Device Protection feature.

This additional feature adds an extra layer of security when an iPhone is away from familiar locations, such as work or home.

Here, ITV News explains how these measures will help protect a thief from making changes to your account or device or access your account details.
https://www.itv.com/news/2024-01-24/how-to-protect-your-private-information-from-phone-thieves

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Apple attack
« Reply #24 on: Friday, 26 January, 2024 @ 00:42:21 »
Quote
Apple makes dramatic changes to the iPhone and App Store
New rules are in response to sweeping new legislation from the European Union – though global users will also see changes

Apple will make some of the most fundamental changes to the way the iPhone and its apps work since it was launched, it has announced.

The company will allow users to download apps from other sources for the first time, it said, as well as letting developers offer new ways to pay for goods inside those apps.

The new changes mean, for example, that another company can offer their own rival market for apps. Those apps might include content that Apple would otherwise ban, such as pornography.

Apple has been forced to make the changes in response to the EU’s Digital Markets Act. It has long lobbied against those new rules, and as it announced the changes said that they subjected people in the EU to “many risks”.

The company has always said that only allowing apps from the App Store keeps iPhones safe, since it means that malware and other threats cannot install themselves on users’ phones. It has made much the same argument about its payment offerings: at the moment, apps can only use Apple’s platform, which it says ensures users stay safe from fraud.

Forcing Apple to add new options for payments and downloading apps “open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats”, it said in its announcement. It said that it had taken measures to act against those threats, but that even with them in place, “many risks remain”.
https://www.independent.co.uk/tech/apple-iphone-app-store-eu-b2484966.html