Apple widened its latest iOS 18 security update to cover far more iPhones and iPads, specifically to stop real‑world DarkSword attacks that can compromise a device from a single website visit.
After researchers published their findings about the DarkSword attacks and an exploit kit abusing the vulnerabilities appeared on GitHub, Apple quietly updated its March 24 security bulletin. Apple first released iOS/iPadOS 18.7.7 on March 24 to a small set of older devices (iPhone XS/XS Max/XR and 7th‑gen iPad), fixing several vulnerabilities that are part of the DarkSword exploit chain. Newer devices that had the option to upgrade to iOS/iPadOS 26 had stopped receiving iOS 18 point updates, leaving a large group of users effectively stranded on vulnerable 18.x builds.
Read more…
Source: Malwarebytes Lab
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak
December 13, 2018
On April 14, 2017, The Shadow Brokers (TSB) leaked a bevy of hacking tools named “Lost in Translation.” This leak is notorious for having multiple zero-day remote code execution (RCE) vulnerabilities targeting critical protocols such as Server Message Block (SMB) and Remote Desktop Protocol (RDP) and applications like collaboration and web server-based software. The exploit toolkit includes EternalBlue, ...
- For the fourth month in a row, Microsoft patches Windows zero-day used in the wild
December 11, 2018
Today, Microsoft released its monthly security patches –known as the Patch Tuesday updates. This month the Redmond-based company fixed 38 vulnerabilities across a large set of products. For the fourth month in a row, Microsoft patched a Windows OS zero-day vulnerability that was being exploited in the wild. Just like in the last two months, and for ...
- New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs
December 6, 2018
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to ...
- UK’s NCSC Explains How They Handle Discovered Vulnerabilities
December 1, 2018
When the United Kingdom’s National Cyber Security Center (NCSC) performs operational tasks, they may find vulnerabilities in software, hardware, websites, or critical infrastructure. When they find these vulnerabilities, they go through a review process called the “Equities Process” that determines if they are going to disclose the vulnerability so that it is fixed or if ...
- Backdoor in Popular JavaScript Library Set to Steal Cryptocurrency
November 27, 2018
A JavaScript library that scores over two million downloads every week has been injected with malicious code for stealing coins from a cryptocurrency wallet. The affected package is Event-Stream, built to simplify working with Node.js streaming modules and it is available through the npmjs.com repository. Although the malicious code was discovered last week, researchers were able to determine ...
- Old Printer Vulnerabilities Die Hard
November 23, 2018
New research on an old problem reveals despite efforts, the InfoSec professionals still have a way to go when it comes to securing printers. Despite copious warnings and efforts by the security community to harden the defenses of printers, they continue to represent a ripe target for attackers. Just this past summer researchers at Check Point found ...