Pierluigi Paganini
April 10, 2023
US Cybersecurity and Infrastructure Security Agency (CISA) added two flaws in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog: This week Apple has released emergency security updates to address the above actively exploited zero-day […]
Pierluigi Paganini
December 14, 2022
Apple rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari to fix a new actively exploited zero-day (CVE-2022-42856). Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones. The flaw is the tenth actively exploited zero-day vulnerability since the start of the […]
Pierluigi Paganini
November 23, 2022
Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users. Apple collects both DSID and Apple ID, which means that it can use the […]
Pierluigi Paganini
October 24, 2022
Apple released security updates that addressed the ninth zero-day vulnerability actively exploited in the wild since the start of the year. Apple has addressed the ninth zero-day vulnerability exploited in attacks in the wild since the start of the year. The vulnerability, tracked as CVE-2022-42827, is an out-of-bounds write issue that can be exploited by an attacker to […]
Pierluigi Paganini
September 01, 2022
Apple released new security updates for older iPhone and iPad devices addressing recently fixed WebKit zero-day. Apple has released new updates to backport patches released this month to older iPhone and iPad devices addressing the CVE-2022-32893 flaw. The CVE-2022-32893 flaw is an out-of-bounds issue that impacts WebKit. An attacker can trigger the flaw by tricking target devices into processing maliciously crafted web […]
Pierluigi Paganini
February 06, 2022
One of the Apple iOS zero-day flaws exploited by the NSO group was also used by another surveillance firm named QuaDream. One of the vulnerabilities in Apple iOS that was previously exploited by the spyware developed by the Israeli company NSO Group was also separately used by another surveillance firm named QuaDream. Like NSO Group, QuaDream develops […]
Pierluigi Paganini
January 06, 2022
Researchers devised a sophisticated persistence technique, named NoReboot, for iOS malware that fake shut downs. Researchers from Zecops devised a sophisticated persistence technique, named NoReboot, for iOS malware that fake shut downs while spies on the user. The technique is based on the concept of simulating a shutdown of the iPhone when the victim attempts […]
Pierluigi Paganini
October 25, 2021
Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018 to June 2021. The iPhone of New York Times journalist Ben Hubbard was repeatedly infected with NSO Group’s Pegasus spyware. The device was compromised two times, in July 2020 and June 2021. The attacks were […]
Pierluigi Paganini
September 30, 2021
Security researchers devised a new attack method against iPhone owners using Apple Pay and Visa payment cards. Boffins from the University of Birmingham and the University of Surrey exploited a series of vulnerabilities in an attack against iPhone owners using Apple Pay and Visa payment cards. A team of researchers has demonstrated a new attack […]
Pierluigi Paganini
September 23, 2021
Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise iPhones and Macs running vulnerable iOS and macOS versions. Apple confirmed that at least one of […]
