The Agora > Going Geek info
Apple attack
Maik:
--- Quote ---Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!
Canadian privacy and cybersecurity activist group The Citizen Lab just announced a zero-day security hole in Apple’s iPhone, iPad and Macintosh operating systems.
To check for updates (and automatically fetch them if they haven’t been downloaded automatically yet), do this:
* On an iPad or iPhone. Go to
Settings > General > Software Update. If you are using iOS 14, you want 14.8.
* On a MacBook laptop or a desktop Mac. Go to
Apple menu > System Preferences > Software Update. If you are using macOS Big Sur 11, you want 11.6.
--- End quote ---
https://nakedsecurity.sophos.com/2021/09/14/apple-products-vulnerable-to-forcedentry-zero-day-attack-patch-now/
--- Quote ---Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs.
Apple zero-days run rampant in 2021
It has been a very busy year for Apple with what seems like an unending streaming of zero-day vulnerabilities used in targeted attacks against iOS and Mac devices.
--- End quote ---
https://www.bleepingcomputer.com/news/apple/apple-fixes-ios-zero-day-used-to-deploy-nso-iphone-spyware/
Maik:
--- Quote ---Apple emergency update fixes zero-days used to hack iPhones, Macs
Apple has released security updates on Thursday to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs.
Zero-day security bugs are flaws the software vendor is unaware of and hasn't patched.
The list of impacted devices includes:
Macs running macOS Monterey
iPhone 6s and later
iPad Pro (all), iPad Air 2 and later, iPad 5th gen and later, iPad mini 4 and later, iPod touch (7th gen)
Even though these zero-days were likely only used in targeted attacks, it's still strongly advised to install today's security updates as soon as possible to block potential attack attempts.
--- End quote ---
https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-days-used-to-hack-iphones-macs/
--- Quote ---Here’s how to check your update status, and get the updates right away if you don’t have them already:
On your iPhone or iPad: Settings > General > Software Update
On your Mac: Apple menu > About this Mac > Software Update…
--- End quote ---
https://nakedsecurity.sophos.com/2022/04/01/apple-pushes-out-two-emergency-0-day-updates-get-em-now/
Maik:
--- Quote ---Apple emergency update fixes zero-day used to hack Macs, Watches
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices.
Zero-days are security flaws that the software vendor is unaware of and hasn't yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch arrives or may be actively exploited in the wild.
The list of impacted devices includes Apple Watch Series 3 or late, Macs running macOS Big Sur, Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD.
Although this zero-day was most probably only used in targeted attacks, it's still strongly advised to install today's macOS and watchOS security updates as soon as possible to block attack attempts.
--- End quote ---
https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-day-used-to-hack-macs-watches/
Maik:
--- Quote ---Apple security updates fix 2 zero-days used to hack iPhones, Macs
Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.
Zero-day vulnerabilities are security flaws known by attackers or researchers before the software vendor has become aware or been able to patch them. In many cases, zero-days have public proof-of-concept exploits or are actively exploited in attacks.
Today, Apple has released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to resolve two zero-day vulnerabilities that are reported to have been actively exploited.
The list of devices affected by both vulnerabilities are:
Macs running macOS Monterey
iPhone 6s and later
iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Likely, these zero-days were only used in targeted attacks, but it's still strongly advised to install today's security updates as soon as possible.
--- End quote ---
https://www.bleepingcomputer.com/news/security/apple-security-updates-fix-2-zero-days-used-to-hack-iphones-macs/
--- Quote ---What to do?
Patch at once!
At the time of writing, Apple has published advisories for iPad OS 15 and iOS 15, which both get updated version numbers of 15.6.1, and for macOS Monterey 12, which gets an updated version number of 12.5.2.
On your iPhone or iPad: Settings > General > Software Update
On your Mac: Apple menu > About this Mac > Software Update…
There’s also an update that takes watchOS to version 8.7.1, but that update doesn’t list any CVE numbers, and doesn’t have a security advisory of its own.
There’s no word on whether the older supported versions of macOS (Big Sur and Catalina) are affected but don’t yet have updates available, or whether tvOS is vulnerable but not yet patched.
--- End quote ---
https://nakedsecurity.sophos.com/2022/08/18/apple-patches-double-zero-day-in-browser-and-kernel-update-now/
Maik:
--- Quote ---Apple backports fix for actively exploited iOS zero-day to older iPhones
Apple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices.
The list of devices today's security updates apply to includes iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation), all of them running iOS 12.5.6.
Although this zero-day vulnerability was most likely only used in targeted attacks, it's still strongly advised to install today's iOS security updates as soon as possible to block potential attack attempts.
--- End quote ---
https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-actively-exploited-ios-zero-day-to-older-iphones/
Navigation
[0] Message Index
[#] Next page
Go to full version