Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day
Another month, another patch for in-the-wild iPhone malware (and a whole lot more).
Apple develops operating systems and devices whose vulnerabilities, security advisories, and updates affect users, enterprises, and connected ecosystems.
Search across headline titles and summaries.
Background for this topic.
Apple’s ecosystem consists of proprietary operating systems like iOS and macOS, powering devices such as iPhones, iPads, and Macs. These platforms integrate hardware-based security features—such as secure enclaves for cryptographic operations, mandatory app sandboxing, and biometric authentication—to protect user data and system integrity. Apple’s tightly controlled app distribution through the App Store reduces exposure to malware but does not eliminate risks from zero-day exploits or sophisticated attacks targeting system vulnerabilities.
Security practitioners must prioritize timely application of Apple’s security updates, as unpatched iOS and macOS flaws are frequently targeted for privilege escalation and remote code execution. Credential attacks against Apple ID and iCloud services remain common, enabling unauthorized access to sensitive data and backups. Understanding Apple’s privacy settings, encryption mechanisms, and forensic artifact availability is critical for detecting and mitigating threats within environments that include Apple devices.
Weekly headline count for the current query.
Another month, another patch for in-the-wild iPhone malware (and a whole lot more).
Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."
Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.
Apple didn't use the words "Triangulation Trojan", but you probably will.
All Apple users have zero-days that need patching, though some have more zero-days than others.
Entertaining, educational, and all in plain English 🎧📖
To bleat, or not to bleat, that is the question.
Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!
A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!
Don't delay, especially if you're still running an iOS 12 device... please do it today!
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.
There's an update for everything this time, not just for iOS.
We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...
Not a zero-day, but important enough for a quick-fire patch to one system library...
Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...