'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover
With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.
Stay informed on the latest exploit trends and vulnerabilities. Get expert insights and updates on information security exploits with our dedicated tag.
Search across headline titles and summaries.
Background for this topic.
An exploit is code, data, or a sequence of actions that uses a software, hardware, or configuration vulnerability to produce unintended behavior. Depending on the flaw and the attacker’s access, it may enable unauthorized code execution, privilege escalation, information disclosure, or denial of service. Exploitation can occur remotely through exposed services, web applications, or client software, or locally after an attacker gains limited access.
Exploitation matters because a vulnerability becomes an active attack path when the required conditions are reachable and exploitable. Defenders should inventory affected assets, prioritize remediation when exploitation is known or credible, apply patches or vendor mitigations, and reduce exposure through access controls, segmentation, and secure configuration. Monitoring for exploit-specific indicators—such as abnormal requests, unexpected processes, or privilege changes—supports detection; systems suspected of successful exploitation require containment and investigation for follow-on access.
With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.
Google last year paid its highest bug bounty ever through the Vulnerability Reward Program for a critical exploit chain report that the company valued at $605,000. [...]
Threat actors are targeting Internet-exposed Fortinet appliances with exploits targeting CVE-2022-39952, an unauthenticated file path manipulation vulnerability in the FortiNAC webserver that can be abused for remote command execution. [...]
Organizations are urged to update to the latest versions of FortiNAC to patch a flaw that allows unauthenticated attackers to write arbitrary files on the system.
Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability (CVE-2022-39952) in Fortinet's FortiNAC network access control suite. [...]
Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability (CVE-2022-39952) in Fortinet's FortiNAC network access control suite. [...]
The flaw is triggered using the Race Condition between temporary file creation and deletion
Ransomware group tries to demonize carriers in negotiations
The malware was used by a previously unknown threat actor against targets in Taiwan
Samsung has developed a new security system called Samsung Message Guard to help Galaxy smartphone users keep safe from the so-called "zero-click" exploits that use malicious image files. [...]