Tag Archive for: Macs

Apple fixes 2 zero-day bugs exploited to hack iPhones, Macs


Apple has fixed two new zero-day security vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads, in its latest software update.

According to BleepingComputer, the two zero-day security vulnerabilities were addressed in iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1 with improved input validation and memory management.

The first security flaw is in IOSurfaceAccelerator and could lead to the corruption of data, a crash, or code execution.

Successful exploitation enables attackers to execute arbitrary code with kernel privileges on targeted devices by using a maliciously crafted app, said the report.

The second zero-day vulnerability is in WebKit and allows data corruption or arbitrary code execution when freed memory is reused.

An attacker can exploit this flaw by tricking targets into loading malicious web pages under their control, resulting in code execution on compromised systems.

Meanwhile, researchers have tracked 55 zero-day vulnerabilities that were exploited by hackers in 2022, mostly targeting Microsoft, Google and Apple products.

According to a report from information security company Mandiant, products of Microsoft, Google and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with the previous years, and the most exploited product types were operating systems (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (six).


Apple warns of security flaw that lets hackers into iPhones, iPads and Macs


SAN FRANCISCO: Apple is warning of a flaw that is allowing hackers to seize control of iPhones, iPads and Mac computers, and is urging users to install emergency software updates.

Patches were released on Wednesday (Aug 17) and Thursday by the tech titan to fix what it described as a vulnerability hackers already knew about and may be taking advantage of.

“Apple is aware of a report that this issue may have been actively exploited,” the Silicon Valley-based company said.

Apple did not disclose whether it had information regarding the extent to which the issue has been exploited.

It released two security reports about the issue on Wednesday, although they did not receive wide attention outside of tech publications. 

The technical description indicated that a hacker could use the flaw to take control of devices, accessing any of their data or capabilities.

That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security.

Patches were released for iPhones, iPads and Mac computers running on operating systems with the vulnerability.

Security experts have advised users to update affected devices — the iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.

Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.

Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.

NSO Group has been blacklisted by the US Commerce Department. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.

Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched.

The company has previously…


Apple Security Update Closes Spyware Flaw in iPhones, Macs and iWatches


Apple on Monday issued emergency software updates for a critical vulnerability in its products after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, Apple Watch or Mac computer without so much as a click.

Apple’s security team has been working around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with spyware from NSO Group.

The spyware, called Pegasus, used a novel method to invisibly infect an Apple device without the victim’s knowledge for as long as six months. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into a victim’s device without tipping them off.

Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record their messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send them back to NSO’s clients at governments around the world.

“This spyware can do everything an iPhone user can do on their device and more,” said John Scott-Railton, a senior researcher at Citizen Lab, who teamed up with Bill Marczak, a senior research fellow at Citizen Lab, on the finding.

In the past, victims only learned their devices were infected by spyware after receiving a suspicious link texted to their phone or email. But NSO Group’s zero-click capability gives the victim no such prompt, and enables full access to a person’s digital life. These capabilities can fetch millions of dollars on the underground market for hacking tools.

An Apple spokesman confirmed Citizen Lab’s assessment and said the company planned to add spyware barriers to its next iOS 15 software update, expected later this year.

NSO Group did not immediately respond to inquiries on Monday.

NSO Group has long drawn controversy. The company has said it sells its spyware to only governments that meet strict human rights standards. But over the past six years, its Pegasus…


Nearly 40,000 Macs infected by mysterious malware, researchers say


The malware, dubbed Silver Sparrow, has not yet engaged in malicious activity.

Mysterious malware — that has not yet engaged in malicious activity — has infected nearly 40,000 Mac devices, according to the cybersecurity firm Red Canary, which first detected the threat.

The malware, dubbed by Red Canary as “Silver Sparrow,” is baffling researchers because of its elusive motives.

“Most malware has an ultimate goal,” Brian Donohue, an intelligence analyst at Red Canary, told ABC News via email. “It might be to steal sensitive information, cause damage to devices or servers, or block access to data. In this case, we don’t actually know what that ultimate goal is, because we haven’t observed Silver Sparrow engaging in malicious activity.”

Donohue noted, however, that most malware operations consist of multiple supporting functions that occur prior to the execution of malicious activity, such as gaining initial access or moving between devices on a network.

“In the case of Silver Sparrow, while we haven’t observed the final payload, we have seen other parts of the malware operation,” he added. “For example, we’ve observed it using built-in functions of macOS to install itself on victim machines and to maintain persistence across reboots.”

Donohue said a member of Red Canary’s cyber incident response team first detected the malware — which includes code that runs on Apple’s new M1 chip — based on suspicious behavior from a customer’s device. They have not identified its origins.

“As of today, we can confirm that the threat has infected nearly 40,000 macOS devices,” he told ABC News, citing published data from antivirus firm Malwarebytes, though he said this is likely an “underestimation of the total scope of the threat.”

He added that the malware has been dubbed mysterious for two reasons, including that it lacks an ultimate payload and researchers cannot determine the purpose of the threat.

“The second relates to a file that, if present on an infected machine, causes Silver Sparrow to uninstall itself,” Donohue said. “We do not know why this file is present on certain systems or why its…
