An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone os |
||
apple ipados |
||
apple macos |
||
apple watchos |
Apple fixes two new iOS zero-days exploited in attacks on iPhones By Lawrence Abrams March 5, 2024 04:34 PM 0 Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), both allowing attackers with arbitrary kernel r...
Today, on December 27, 2023, we (Boris Larin, Leonid Bezvershenko, and Georgy Kucherin) delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation summarized the results of our long-term research into Operation Triangulation, conducted with our colleagues, Igor Kuznetsov, Valentin Pashkov, and Mikhail Vinogradov. This presentation was also the ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Kaspersky first found this software nasty on its own phones
Apple pushed several security fixes on Wednesday, including one for all iPhone and iPads used before September last year that has already been exploited by cyber snoops. The vulnerability, tracked as CVE-2023-32434, "may have been actively exploited against versions of iOS released before iOS 15.7," according to Apple's security update. Exploiting this flaw allows the execution of arbitrary code with kernel privileges. This is the second patch that Apple has issued to fix the vulnerability. ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Snoops may be targeting macOS in addition to iPhones, Kaspersky says
Whoever is infecting people's iPhones with the TriangleDB spyware may be targeting macOS computers with similar malware, according to Kaspersky researchers. In the security shop's ongoing analysis of the smartphone snooping campaign – during which attackers exploit a kernel vulnerability to obtain root privileges and install TriangleDB on victims' handsets – Kaspersky analysts uncovered 24 commands provided by the malware that can be used for a range of illicit activities; everything from st...