What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Exploit

Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day

by Paul Ducklin Two weeks ago, we urged Apple users with recent hardware to grab the company’s second-ever Rapid Response patch. As we pointed out at the time, this was an emergency bug fix to block off a web-browsing security hole that had apparently been used in real-world spyware attacks: . . . Read more

S3 Ep144: When threat hunting goes down a rabbit hole

by Paul Ducklin SING US A CYBERSECURITY SONG Why your Mac’s calendar app says it’s JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy. No audio player below? Listen directly on Soundcloud. With Doug Aamoth . . . Read more

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

by Paul Ducklin Remember that zipped-lipped but super-fast update that Apple pushed out three weeks ago, on 2023-05-01? That update was the very first in Apple’s newfangled Rapid Security Response process, whereby the company can push out critical patches for key system components without going through a full-size operating system . . . Read more

PaperCut security vulnerabilities under active attack – vendor urges customers to patch

by Paul Ducklin We’ll be honest, and admit that we hadn’t heard of the printer management software PaperCut until this week. In fact, the first time we heard the name was in the context of cybercriminality and malware attacks, and we naively assumed that “PaperCut” was what we like to . . . Read more

Microsoft fixes a zero-day – and two curious bugs that take the Secure out of Secure Boot

by Paul Ducklin It’s Patch Tuesday Week (if you will allow us our daily pleonasm), and Microsoft’s updates include fixes for a number of security holes that the company has dubbed Critical, along with a zero-day fix, although the 0-day only gets a rating of Important. The 0-day probably got . . . Read more

Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads

by Paul Ducklin Last week, we warned about the appearance of two critical zero-day bugs that were patched in the very latest versions of macOS (version 13, also known as Ventura), iOS (version 16), and iPadOS (version 16). Zero-days, as the name suggests, are security vulnerabilities that were found by . . . Read more

Apple issues emergency patches for spyware-style 0-day exploits – update now!

by Paul Ducklin Apple just issued a short, sharp series of security fixes for Macs, iPhones and iPads. All supported macOS versions (Big Sur, Monterey and Ventura) have patches you need to install, but only the iOS 16 and iPadOS 16 mobile versions currently have updates available. As ever, we . . . Read more

Apple patches everything, including a zero-day fix for iOS 15 users

by Paul Ducklin Apple’s latest update blast is out, including an extensive range of security patches for all devices that Apple offcially supports. There are fixes for iOS, iPadOS, tvOS and watchOS, along with patches for all three supported flavours of macOS, and even a special update to the firmware . . . Read more