Apple releases security patches for iOS, MacOS Tahoe, Safari


Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac.

The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas.

What stands out in the update is that a lot of the vulnerabilities were found in WebKit, the browser engine that powers Safari as well as every browser on iPhone, including Chrome, Firefox, and Edge. It also looks like several of the issues Apple has addressed can be chained together to steal data or run malicious code with little or no user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • iPhone flaw could read your saved passwords out loud – update now

    October 7, 2024

    Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on ...

  • CISA flags major Ivanti security flaw – patch now

    October 3, 2024

    The US Cybersecurity and Infrastructure Security Agency (CISA) has added a known Ivanti bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling that it’s being actively abused in the wild. The bug that was just added is an SQL Injection vulnerability, found this spring in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 and ...

  • Malware exploits braille characters to breach Windows security flaws

    September 16, 2024

    The Windows operating system (OS) had a vulnerability that allowed people to hide a file’s true extension, which hackers were able to use and distribute files that looked like .PDF documents, but were in fact weaponized .HTA files. In the most recent Patch Tuesday cumulative update, Microsoft addressed a flaw described as “Windows MSHTML spoofing vulnerability”, ...

  • New Windows Cyber Attacks Confirmed – CISA Says Update By September 3

    August 14, 2024

    Microsoft has released the monthly round of Patch Tuesday security updates, with fixes for a total of 90 vulnerabilities across the Windows ecosystem. Of these, the Microsoft Security Response Center warns that five Windows vulnerabilities have confirmed and active cyber attacks against them already. So serious are these zero-day security issues that the U.S. Cybersecurity and ...

  • July Patch Tuesday Unleashes a Torrent of Updates

    July 9, 2024

    With the information security industry’s two largest conferences (Black Hat Briefings and Def Con) set to happen in less than a month, Microsoft pulled out all the stops and, for July, nearly tripled the number of patches they released in June for problems discovered in Windows, Office, and software that runs under various server and ...

  • High-Risk Path Traversal in SolarWinds Serv-U

    July 3, 2024

    The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures. Serv-U server is a solution that provides a secure file transfer facility and control inside and outside the organization. Identified as CVE-2024-28995, SolarWinds Serv-U 15.4.2 HF 1 and previous versions allow an ...