Apple Reverses Age-Old Patch Policy to Keep Up With AI
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.
Owners of affected iPhones can stop checking for patches now: the fix for this SecureROM bug comes in a new handset
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. [...]
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]
CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn’t just a matter of firewalls and patches—it’s about strategy. The strongest organizations aren’t the ones with the most tools, but the ones that see how cyber risks connect to business
Look over there! Amidst its own failure to fix a couple of bugs now under mass exploitation and being abused for espionage, data theft, and ransomware infections, Microsoft said Monday that it spotted a macOS vulnerability some months ago that could allow attackers to steal private data. Redmond reported the bug to Cupertino, which issued a fix back in March.…
Researchers in Proof of Concept Show Exploit Potential for Widely Used SoftwareTechnical details for a recently patched maximum-severity vulnerability in Cisco IOS XE reveal how hackers can enable remote code execution if the flaw is exploited. The vulnerability is an arbitrary file upload triggered by a hardcoded JSON Web Token.
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system
Apple has patched a zero-day vulnerability being exploited in targeted attacks
Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information
Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.
Like keeping your camera and microphone private? Patch up In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.…
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware
Plus: Google Chrome, Apple bugs also exploited in the wild Happy May Patch Tuesday. We've got a lot of vendors joining this month's patchapalooza, which includes a handful of bugs that have been exploited — either in the wild or at Pwn2Own — and now fixed by Microsoft, Apple, Google and VMware.…
A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too.
Security researchers with The Citizen Lab and Google's Threat Analysis Group (TAG) revealed today that three zero-days patched by Apple on Thursday were abused as part of an exploit chain to install Cytrox's Predator spyware. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware. [...]
No user interaction needed for this one as Pegasus turns up via iMessage Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.…
Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones. [...]