Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar.
In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers Safari and renders webpages in other apps. The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Apple warns of “privacy and security threats” after EU requires it to allow sideloading
January 30, 2024
Despite several warnings about the risks, Apple will allow European iPhone owners to install apps obtained from outside the official App store (sideloading). These drastic changes are brought about to comply with the European Union’s (EU) Digital Markets Act (DMA). The Digital Markets Act (DMA) establishes a set of clearly defined objective criteria to identify “gatekeepers”. ...
- Satellites and the specter of IoT attacks
January 26, 2024
In the vast expanse of space, satellites orbit silently, serving as the connected backbone of our modern world. A fast-proliferating network of satellites forms the critical infrastructure that supports global communication, navigation, weather forecasting, defensive operations and more. Today’s global space economy is huge, forecasted to total more than $600 billion annually in 2024. Internet of ...
- CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
January 24, 2024
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user via the administration portal. Fortra lists the root cause of CVE-2024-0204 as CWE-425: ...
- Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021
January 19, 2024
While publicly reported and patched in October 2023, Mandiant and VMware Product Security have found UNC3886, a highly advanced China-nexus espionage group, has been exploiting CVE-2023-34048 as far back as late 2021. These findings stem from Mandiant’s continued research of the novel attack paths used by UNC3886, which historically focuses on technologies that are unable to ...
- Update Chrome – Google patches actively exploited zero-day vulnerability
January 18, 2024
Google has released an update for Chrome which includes four security fixes, including one for a vulnerability that has reportedly already been exploited. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up ...
- Ivanti vulnerabilities now actively exploited in massive numbers
January 17, 2024
The researchers that discovered the active exploitation are warning that these attacks are now very widespread. The fact that there are no patches available and users were asked to apply a workaround and monitor their network traffic for suspicious activity, may have contributed to the slow response to the sounded alarms. Almost 7000 devices remain vulnerable ...