This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apple ipados |
||
apple iphone os |
||
apple macos |
||
apple watchos |
||
apple tvos |
Apple fixes two new iOS zero-days exploited in attacks on iPhones By Lawrence Abrams March 5, 2024 04:34 PM 0 Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), both allowing attackers with arbitrary kernel r...
Today, on December 27, 2023, we (Boris Larin, Leonid Bezvershenko, and Georgy Kucherin) delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation summarized the results of our long-term research into Operation Triangulation, conducted with our colleagues, Igor Kuznetsov, Valentin Pashkov, and Mikhail Vinogradov. This presentation was also the ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Kaspersky first found this software nasty on its own phones
Apple pushed several security fixes on Wednesday, including one for all iPhone and iPads used before September last year that has already been exploited by cyber snoops. The vulnerability, tracked as CVE-2023-32434, "may have been actively exploited against versions of iOS released before iOS 15.7," according to Apple's security update. Exploiting this flaw allows the execution of arbitrary code with kernel privileges. This is the second patch that Apple has issued to fix the vulnerability. ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources 'This is no ordinary vulnerability' sec pros explain
Kaspersky's Global Research and Analysis Team (GReAT) has exposed a previously unknown 'feature' in Apple iPhones that allows attackers to bypass hardware-based memory protection. Addressed in CVE-2023-38606, which was patched in July 2023, the issue affected iPhones running iOS versions up to 16.6, according to the cybersecurity outfit. Kaspersky reckons the hardware feature might have been intended for testing or debugging. Certainly, the GReAT gang couldn't find any public documentation on it...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources One spotted by Amnesty International - wonder what that was used for?
Apple has released fixes for several security flaws that affect its iPhones, iPads, macOS computers, and Apple TV and watches, and warned that some of these bugs have already been exploited. Here's a quick list of all of the security updates released late on Monday afternoon: On Tuesday the US government's Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm, too, warning that "an attacker could exploit some of these vulnerabilities to take control of an affected device."&nb...
Vulmon