Apple widened its latest iOS 18 security update to cover far more iPhones and iPads, specifically to stop real‑world DarkSword attacks that can compromise a device from a single website visit.
After researchers published their findings about the DarkSword attacks and an exploit kit abusing the vulnerabilities appeared on GitHub, Apple quietly updated its March 24 security bulletin. Apple first released iOS/iPadOS 18.7.7 on March 24 to a small set of older devices (iPhone XS/XS Max/XR and 7th‑gen iPad), fixing several vulnerabilities that are part of the DarkSword exploit chain. Newer devices that had the option to upgrade to iOS/iPadOS 26 had stopped receiving iOS 18 point updates, leaving a large group of users effectively stranded on vulnerable 18.x builds.
Read more…
Source: Malwarebytes Lab
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Three major vulnerabilities found in Cisco SMB switches
August 7, 2019
Three of Cisco’s most popular switches for SMBs contain serious security flaws that could allow a hacker to remotely access the device and infiltrate an organisation’s network. The critical vulnerabilities, which affect Cisco’s Small Business 220 Series of smart switches, include a remote code execution (RCE) bug rated 9.8/10 by Cisco in terms of threat severity, an authentication bypass rated 9.1/10 ...
- KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files
August 7, 2019
If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any “.desktop” or “.directory” file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run ...
- New Windows hack warning: Patch Intel systems now to block SWAPGSAttack exploits
August 6, 2019
A newly uncovered vulnerability affecting every Windows computer using an Intel processor built since 2012 could allow attackers to bypass safeguards and access information held in a system’s protected kernel memory. This new side-channel attack is built on previous research into other CPU vulnerabilities – such as Spectre and Meltdown – but this new vulnerability can bypass the ...
- Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs
August 6, 2019
Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required. Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is ...
- Microsoft Lab Offers $300K For Working Azure Exploits
August 5, 2019
In an attempt to sniff out bugs in its Azure cloud platform, Microsoft announced at Black Hat USA 2019 on Monday that it will offer rewards of up to $300,000 for researchers who launch successful test exploits for the platform. Microsoft has launched a dedicated Azure cloud host testing environment, dubbed Azure Security Lab. The exclusive program will ...
- New Dragonblood vulnerabilities found in WiFi WPA3 standard
August 3, 2019
Earlier this year in April, two security researchers disclosed details about five vulnerabilities (collectively known as Dragonblood) in the WiFi Alliance’s recently launched WPA3 WiFi security and authentication standard. Yesterday, the same security researchers disclosed two new additional bugs impacting the same standard. The two researchers — Mathy Vanhoef and Eyal Ronen — found these two new bugs in ...