Researchers drop checkm8-style BootROM exploit for A12 and A13 iPhones
Owners of affected iPhones can stop checking for patches now: the fix for this SecureROM bug comes in a new handset
Apple develops operating systems and devices whose vulnerabilities, security advisories, and updates affect users, enterprises, and connected ecosystems.
Search across headline titles and summaries.
Background for this topic.
Apple’s ecosystem consists of proprietary operating systems like iOS and macOS, powering devices such as iPhones, iPads, and Macs. These platforms integrate hardware-based security features—such as secure enclaves for cryptographic operations, mandatory app sandboxing, and biometric authentication—to protect user data and system integrity. Apple’s tightly controlled app distribution through the App Store reduces exposure to malware but does not eliminate risks from zero-day exploits or sophisticated attacks targeting system vulnerabilities.
Security practitioners must prioritize timely application of Apple’s security updates, as unpatched iOS and macOS flaws are frequently targeted for privilege escalation and remote code execution. Credential attacks against Apple ID and iCloud services remain common, enabling unauthorized access to sensitive data and backups. Understanding Apple’s privacy settings, encryption mechanisms, and forensic artifact availability is critical for detecting and mitigating threats within environments that include Apple devices.
Weekly headline count for the current query.
Owners of affected iPhones can stop checking for patches now: the fix for this SecureROM bug comes in a new handset
iBiz might not win the AI race, but analysts say it's focusing on features people may actually use
While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack
Affected factories back up and running, we're told
After years of stopping dead at the green bubble border, iPhone and Android users can finally send E2EE messages without relying on third-party apps
University student says he plans to move to Android, but concedes iOS engineers acting fast Apple is finally working on a fix for a bug that has locked some users out of their iPhones for months, The Register understands.…
Social engineering: 'low-cost, hard to patch, and scales well' North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manually running malware on their own computers, according to Microsoft.…
Wash your mouth out with digital soap Apple Intelligence, the personal AI system integrated into newer Macs, iPhones, and other iThings, can be hijacked using prompt injection, forcing the model into producing an attacker-controlled result and putting millions of users at risk, researchers have shown.…
Omnissa telemetry suggests business buyers are loving Apple and Google End-user compute vendor Omnissa, the company formed by the spin-out of VMware’s virtual desktops, applications, and device management biz, has dug into the telemetry it collects from customers and painted a picture of the world’s enterprise hardware fleet – and the news is better for Google and Apple than it is for Microsoft.…
Darksword is the second iOS exploit chain in a month A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by "multiple" spyware vendors and suspected nation-state goons, security researchers said on Wednesday.…
This isn't just a nostalgia trip – billions of legacy microcontrollers may be at risk AI can reverse engineer machine code and find vulnerabilities in ancient legacy architectures, says Microsoft Azure CTO Mark Russinovich, who used his own Apple II code from 40 years ago as an example.…
Retains eight-weekly Extended Stable releases but warns fortnightly updates are the best way to stay safe Google will halve the time between releases of its Chrome browser to two weeks, across versions of the software for desktop operating systems, Android, and iOS.…
Flaw abused 'in an extremely sophisticated attack against specific targeted individuals' Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an "extremely sophisticated attack" against targeted individuals.…
The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes automatically when a file containing the poisoned metadata is loaded.…
PLUS: Debian supports Chinese chips ; Hong Kong’s Christmas Karaoke crackdown; Asahi admits it should have prevented hack; And more! APAC in Brief Google and Apple last week started to allow developers of mobile applications to distribute their wares through third-party app stores and accept payments from alternative payment providers.…
Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse Apple and Google have both issued emergency patches after zero-day bugs were caught being actively exploited in what the companies describe as "sophisticated" real-world attacks.…
PLUS: India wants to build big airliners; Half of South Koreans caught in data leak; Minimum wage for gig workers in Oz; And more! Asia in Brief Singapore’s government last week told Google and Apple to prevent fake government messages.…
Relies on very loose permissions, but don’t worry – Google wrote it in Rust Google has linked Android’s wireless peer-to-peer file sharing tool Quick Share to Apple’s equivalent AirDrop.…
PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more Infosec in brief Australia’s Signals Directorate (ASD) last Friday warned that attackers are installing an implant named “BADCANDY” on unpatched Cisco IOS XE devices and can detect deletion of their wares and reinstall their malware.…
Committee says Apple, Google, and Samsung could render stolen handsets worthless if compelled to act The UK's Home Secretary should use her powers to push the tech industry to deploy stronger technical measures against the surge in phone thefts, according to a House of Commons committee.…