All posts in OS-X

by Paul Ducklin Betteridge’s Law of Headlines insists that any headline posed as a question can instantly be answered with a simple “No.” Apparently, the theory behind this witticism (it’s not actually a Law, nor yet a rule, nor even in fact anything more than a suggestion) is that if . . . Read more
11 Jul, 2023
0-day, Apple, Apple Safari, CVE-2023-37450, iOS, OS-X, Security News, Uncategorized, Vulnerability, WebKit, zero day
0

by Paul Ducklin The second-ever Apple Rapid Security Response just came out. That’s where the very latest versions of macOS, iOS and iPadOS get emergency patches that: Don’t take as long for Apple to build, test and publish as a full version update would. Don’t take as long to download . . . Read more

by Paul Ducklin Right at the start of June 2023, well-known Russian cybersecurity outfit Kaspersky reported on a previously unknown strain of iPhone malware. Most notable about the original story was its strapline: Targeted attack on [Kaspersky] management with the Triangulation Trojan. Although the company ultimately said, “We’re confident that . . . Read more

by Paul Ducklin Last week, we warned about the appearance of two critical zero-day bugs that were patched in the very latest versions of macOS (version 13, also known as Ventura), iOS (version 16), and iPadOS (version 16). Zero-days, as the name suggests, are security vulnerabilities that were found by . . . Read more

Not a zero-day, but important enough for a quick-fire patch to one system library…
25 Oct, 2022
0-day, Apple, CVE-2022-42827, Exploit, iOS, iPad, iPhone, Mac, OS-X, Security News, Vulnerability, zer-day
0

Ventura hits the market with 112 patches, Catalina’s gone missing, and iPhones and iPads get a critical kernel-level zero-day patch…

Five updates, one upgrade, plus a zero-day. Patch your Macs, iPhones and iPads as soon as you can (again)…
18 Aug, 2022
Apple, CVE-2022-32893, CVE-2022-32894, iOS, iPadOS, jailbreak, macOS, Malware, OS-X, Security News, Spyware, Vulnerability
0

Double 0-day exploits – one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

There’s many a slip ‘twixt the cup and the lip. Or at least between the TOC and the TOU…

You’ll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.