Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar.
In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers Safari and renders webpages in other apps. The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors
June 13, 2023
As Endpoint Detection and Response (EDR) solutions improve malware detection efficacy on Windows and Linux systems, certain state-sponsored threat actors have shifted to developing and deploying malware on systems that do not generally support EDR such as network appliances, SAN arrays, and VMware ESXi hosts. In late 2022, Mandiant published details surrounding a novel malware system deployed ...
- MOVEit Vulnerabilities: What You Need to Know
June 12, 2023
Extortion actors have been actively exploiting a recently patched vulnerability in MOVEit Transfer, a file-transfer application that is widely used to transmit information between organizations. The nature of the software affected means that attackers can exploit unpatched systems to mount a supply chain attack against multiple organizations. While the original vulnerability (CVE-2023-34362) was patched on May ...
- CISA Releases Two Industrial Control Systems Advisories
June 8, 2023
CISA released two Industrial Control Systems (ICS) advisories on June 8, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-159-01 Atlas Copco Power Focus 6000 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds One Known Exploited Vulnerability to Catalog
- #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability
June 7, 2023
CISA and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This joint guide provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate ...
- CISA Releases Two Industrial Control Systems Advisories
June 6, 2023
CISA released two Industrial Control Systems (ICS) advisories on June 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-157-01 Delta Electronics CNCSoft-B DOPSoft Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward
June 5, 2023
Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are exploiting a newly discovered vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to ...