Apple Zero-Days, iMessage Used in 4-Year, Ongoing Spying Effort
Russia's FSB intelligence agency says the zero-click attacks range far beyond Kaspersky, and it has blamed them on the United States' NSA. Those allegations are thus far uncorroborated.
Apple develops operating systems and devices whose vulnerabilities, security advisories, and updates affect users, enterprises, and connected ecosystems.
Search across headline titles and summaries.
Background for this topic.
Apple’s ecosystem consists of proprietary operating systems like iOS and macOS, powering devices such as iPhones, iPads, and Macs. These platforms integrate hardware-based security features—such as secure enclaves for cryptographic operations, mandatory app sandboxing, and biometric authentication—to protect user data and system integrity. Apple’s tightly controlled app distribution through the App Store reduces exposure to malware but does not eliminate risks from zero-day exploits or sophisticated attacks targeting system vulnerabilities.
Security practitioners must prioritize timely application of Apple’s security updates, as unpatched iOS and macOS flaws are frequently targeted for privilege escalation and remote code execution. Credential attacks against Apple ID and iCloud services remain common, enabling unauthorized access to sensitive data and backups. Understanding Apple’s privacy settings, encryption mechanisms, and forensic artifact availability is critical for detecting and mitigating threats within environments that include Apple devices.
Russia's FSB intelligence agency says the zero-click attacks range far beyond Kaspersky, and it has blamed them on the United States' NSA. Those allegations are thus far uncorroborated.
Did we just time warp back to 2013? Russian intelligence has accused American snoops and Apple of working together to backdoor iPhones to spy on "thousands" of diplomats worldwide.…
Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. Russia blames these attacks on US intelligence agencies. [...]
Bugs in the biometric protections on Android phones and iPhones allow the limit on the number of tries to unlock the devices with a fingerprint can be bypassed, allowing automated brute-force attacks.
A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019
Apple's growing market share — in a shrinking PC market — and the growing use of Golang for malware development is pushing a gradual increase in malicious tools targeting macOS environments.
Apple's Rapid Security Response updates are designed to patch critical security vulnerabilities, but how much good can they do when patching is a weeks-long process?
Discovered by Microsoft and dubbed "Migraine," the flaw was disclosed to Apple and patched
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices
Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control (TCC) security checks. [...]