Information Management Today

mobile-security apple-ios-zero-day-vulnerabilities-exploited-in-targeted-attacks

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. An attacker can trigger the flaw by tricking the victim into visiting specially crafted web content that may lead to arbitrary code execution. Apple fixed the flaw with improved checks.

Security

Security Risk Government IT

Apple addressed actively exploited zero-day flaws in iOS, macOS, and Safari

Security Affairs

JUNE 22, 2023

Apple rolled out security updates to address actively exploited zero-day flaws in iOS, iPadOS, macOS, watchOS, and Safari. Apple addressed a set of vulnerabilities in iOS, iPadOS, macOS, watchOS, and the Safari browser that were actively exploited in the wild.

Security

Security IT Information Security

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Trending Sources

Apple addresses three actively exploited iOS zero-days

Security Affairs

NOVEMBER 5, 2020

Apple released iOS 14.2 that addressed three zero-day vulnerabilities in its mobile OS that have been abused in attacks in the wild. Apple has addressed three iOS zero-day vulnerabilities actively exploited in attacks the wild and affecting iPhone, iPad, and iPod devices.

IT Security Information Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

eSecurity Planet

OCTOBER 30, 2023

Organizations that possess effective patch and vulnerability management suffer stress earlier as vulnerabilities are announced and their teams work hard to eliminate them. Organizations that don’t patch promptly likely suffer additional stress when the unpatched vulnerabilities are targeted by attackers.

Authentication

Authentication Cloud Access Cybersecurity

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Cybersecurity

Cybersecurity Education Risk Security

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Security Affairs

JUNE 4, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Phishing Authentication

Apple Patches Vulnerabilities in iOS Exploited by Spyware

eSecurity Planet

SEPTEMBER 14, 2021

Apple continues to be haunted by spyware developed by an Israeli security firm that hostile governments used to hack into Apple devices to spy on journalists, activists and world leaders (see Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal ). Spyware Vulnerability. Fast Fixes by Apple.

Government

Government Cybersecurity Libraries Security

Apple fixes actively exploited FORCEDENTRY zero-day flaws

Security Affairs

SEPTEMBER 13, 2021

Apple released security patches to fix two zero-day vulnerabilities in iOS and macOS that are actively exploited in attacks in the wild. Some of the activists were hacked using two zero-click iMessage exploits: the 2020 KISMET exploit and a 2021 exploit that we call FORCEDENTRY.”

Government

Government Security IT Information Security

Zero-Click Attacks a Growing Threat

eSecurity Planet

FEBRUARY 22, 2022

Most attacks make would-be victims click to install malware or redirect them to a phishing page to steal their credentials. Zero-click attacks remove this hurdle. They can compromise the targeted device despite a victim’s good security hygiene and practices. Spyware and Zero-Days: A Troubling Market.

Government

Government Marketing Analytics Access

New zero-click exploit used to target Bahraini activists’ iPhones with NSO spyware

Security Affairs

AUGUST 24, 2021

Citizen Lab uncovered a new zero-click iMessage exploit that was used to deploy the NSO Group’s Pegasus spyware on devices belonging to Bahraini activists. Researchers from Citizen Lab spotted a zero-click iMessage exploit that was used to deploy NSO Group’s Pegasus spyware on Bahraini activists’ devices.

Sales

Sales Government Security IT

WhatsApp flaw CVE-2019-11931 could be exploited to install spyware

Security Affairs

NOVEMBER 16, 2019

The popular messaging platform WhatsApp made the headlines again, a new bug could be exploited by hackers to secretly install spyware. According to the website The Hacker News, WhatsApp has recently fixed a critical vulnerability, tracked as CVE-2019-11931, that could have allowed attackers to remotely compromise targeted devices.

Metadata

Metadata Security IT Information Security

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

eSecurity Planet

JULY 21, 2021

Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives is becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal. Journalists, Government Officials Targeted.

Security

Security Government Privacy Ransomware

Security Affairs newsletter Round 334

Security Affairs

OCTOBER 3, 2021

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here.

Security

Security Data breaches Information Security Risk

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Security Affairs

APRIL 8, 2020

A new shocking revelation comes from the disputed from NSO Group and Facebook, NSO CEO claims Facebook tried to buy an Apple spying software in 2017. In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. ”the court filing reads.

Government

Government Privacy IT Security

Operation Triangulation attacks relied on an undocumented hardware feature

Security Affairs

DECEMBER 28, 2023

Experts discovered that Operation Triangulation targeting Apple iOS devices leveraged an undocumented hardware feature. Researchers from the Russian cybersecurity firm Kaspersky discovered that threat actors behind the Operation Triangulation exploited an undocumented hardware feature to target Apple iOS devices.

Communications

Communications Access IT Security

Weekly Vulnerability Recap – October 2, 2023 – WS_FTP, Exim, Cisco and Other Exploited Vulnerabilities

eSecurity Planet

OCTOBER 2, 2023

Vulnerabilities carrying high severity scores require urgent attention, and many of this week’s critical vulnerabilities are no exception. A host of zero-day vulnerabilities, several under active attack, will require immediate attention for patching or mitigation.

Encryption

Encryption Cybersecurity Ransomware Access

Apple addressed a new actively exploited zero-day tracked as CVE-2023-38606

Security Affairs

JULY 24, 2023

Apple released security updates to address an actively exploited zero-day flaw in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Apple released urgent security updates to address multiple flaws in iOS, iPadOS, macOS, tvOS, watchOS, and Safari, including an actively exploited zero-day.

Security

Security IT Information Security

Analyzing the TriangleDB implant used in Operation Triangulation

Security Affairs

JUNE 22, 2023

Kaspersky provided more details about Operation Triangulation, including the exploitation chain and the implant used by the threat actors. Kaspersky researchers dug into Operation Triangulation and discovered more details about the exploit chain employed to deliver the spyware to iOS devices.

Libraries

Libraries Encryption Security IT

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Apple addressed actively exploited zero-day flaws in iOS, macOS, and Safari

Webinars

Trending Sources

Apple addresses three actively exploited iOS zero-days

Webinars

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Apple Patches Vulnerabilities in iOS Exploited by Spyware

Apple fixes actively exploited FORCEDENTRY zero-day flaws

Zero-Click Attacks a Growing Threat

New zero-click exploit used to target Bahraini activists’ iPhones with NSO spyware

WhatsApp flaw CVE-2019-11931 could be exploited to install spyware

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

Security Affairs newsletter Round 334

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Operation Triangulation attacks relied on an undocumented hardware feature

Weekly Vulnerability Recap – October 2, 2023 – WS_FTP, Exim, Cisco and Other Exploited Vulnerabilities

Apple addressed a new actively exploited zero-day tracked as CVE-2023-38606

Analyzing the TriangleDB implant used in Operation Triangulation

Stay Connected