Apple releases security patches for iOS, MacOS Tahoe, Safari


Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac.

The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas.

What stands out in the update is that a lot of the vulnerabilities were found in WebKit, the browser engine that powers Safari as well as every browser on iPhone, including Chrome, Firefox, and Edge. It also looks like several of the issues Apple has addressed can be chained together to steal data or run malicious code with little or no user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Microsoft: Hackers using Zerologon exploits in attacks, patch now!

    September 23, 2020

    Microsoft has warned that attackers are actively using the Windows Server Zerologon exploits in attacks and advises all Windows administrators to install the necessary security updates. As part of the August 2020 Patch Tuesday security updates, Microsoft fixed a critical 10/10 rated security vulnerability known as ‘CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability’.from other specific target ...

  • US govt orders federal agencies to patch dangerous Zerologon bug by Monday

    September 20, 2020

    The Department of Homeland Security’s cybersecurity division has ordered federal civilian agencies to install a security patch for Windows Servers, citing “unacceptable risk” posed by the vulnerability to federal networks. The DHS order was issued via an emergency directive, a rarely-used legal mechanism through which US government officials can force federal agencies into taking various actions. The ...

  • Adobe out-of-band patch released to tackle Media Encoder vulnerabilities

    September 16, 2020

    Adobe has released an out-of-band patch to resolve a trio of vulnerabilities discovered in Media Encoder. Adobe Media Encoder, software used to encode audio and video in different formats, is the sole subject of the security update issued outside of the company’s usual monthly release. On Tuesday, Adobe said that three vulnerabilities — CVE-2020-9739, CVE-2020-9744, and CVE-2020-9745 ...

  • Palo Alto Networks fixes critical flaw in PAN-OS firewall software

    September 11, 2020

    Palo Alto Networks has fixed a new critical vulnerability affecting multiple versions of PAN-OS, the operating system affecting its next-generation firewalls. The issue received the identification number CVE-2020-2040 and has a severity score of 9.8 out of 10 and requires no user interaction. An unauthenticated attacker can exploit it by sending a malicious request to specific ...

  • September Patch Tuesday Updates Exchange, SharePoint

    September 9, 2020

    This month’s update includes 129 updates for the Microsoft Office suite, with 15 specifically addressing SharePoint vulnerabilities. Of the total number, 23 have been rated Critical and 105 as Important. No zero days have been observed, but four vulnerabilities are under close scrutiny for their potential abuse. Specifically, CVE-2020-16875 can be exploited for remote code execution ...

  • Cisco Critical Flaw Patched in WAN Software Solution

    August 19, 2020

    Cisco patched a critical flaw in its wide area network (WAN) software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges. The flaw exists in Cisco Virtual Wide Area Application Services (vWAAS), which is software that Cisco describes as a “WAN optimization solution.” It helps manage business applications that are being leveraged ...