Apple widened its latest iOS 18 security update to cover far more iPhones and iPads, specifically to stop real‑world DarkSword attacks that can compromise a device from a single website visit.
After researchers published their findings about the DarkSword attacks and an exploit kit abusing the vulnerabilities appeared on GitHub, Apple quietly updated its March 24 security bulletin. Apple first released iOS/iPadOS 18.7.7 on March 24 to a small set of older devices (iPhone XS/XS Max/XR and 7th‑gen iPad), fixing several vulnerabilities that are part of the DarkSword exploit chain. Newer devices that had the option to upgrade to iOS/iPadOS 26 had stopped receiving iOS 18 point updates, leaving a large group of users effectively stranded on vulnerable 18.x builds.
Read more…
Source: Malwarebytes Lab
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Zero-Day Flash Exploit Targeting Middle East
June 7, 2018
A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday. The Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by Adobe. Read more… Source: ThreatPost
- Researchers Warn of Microsoft Zero-Day RCE Bug
June 1, 2018
Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript, according to a Tuesday advisory by Trend Micro’s Zero Day Initiative group. Read more… Source: ...
- Microsoft, Google: We’ve found a fourth variant of Meltdown-Spectre CPU holes
May 21, 2018
A fourth variant of the data-leaking Meltdown-Spectre security flaws in modern processors has been found by Microsoft and Google researchers. These speculative-execution design blunders can be potentially exploited by malicious software running on a vulnerable device or computer, or a miscreant logged into the system, to slowly extract secrets, such as passwords, from protected kernel or application memory, ...
- Wicked Botnet Uses Passel of Exploits to Target IoT
May 21, 2018
Yet another variant of the Mirai botnet has appeared on the scene, but this one has a twist: The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers. It also has ties to a web of other botnets, made for DDoS attacks, which can all ...
- DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide
May 21, 2018
Widespread routers’ DNS hijacking malware that recently found targeting Android devices has now been upgraded its capabilities to target iOS devices as well as desktop users. Dubbed Roaming Mantis, the malware was initially found hijacking Internet routers last month to distribute Android banking malware designed to steal users’ login credentials and the secret code for two-factor authentication. Read more… Source: The ...
- Critical Linux Flaw Opens the Door to Full Root Access
May 16, 2018
Red Hat has patched a vulnerability affecting the DHCP client packages that shipped with Red Hat Enterprise Linux 6 and 7. A successful exploit could give an attacker root access and full control over enterprise endpoints. According to an alert issued Wednesday from US-CERT, the critical-rated flaw, first reported by Google researcher Felix Wilhelm, would “allow attackers to ...