Tech

Apple rushes out patches for two zero-days threatening iOS and macOS users

Enlarge Apple on Thursday released fixes for two critical zero-day vulnerabilities in iPhones, iPads, and Macs that give hackers dangerous access to the internals of the OSes the devices run on. Apple credited an anonymous researcher with discovering both vulnerabilities. The first vulnerability, CVE-2022-22675, resides in macOS for Monterey and in iOS or iPadOS for […]

Tech

SolarWinds hackers used an iOS 0-day to steal Google and Microsoft credentials

Enlarge (credit: Getty Images) The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. In a post Google published on Wednesday, researchers Maddie Stone and […]

Tech

This is not a drill: VMware vuln with 9.8 severity rating is under attack

Enlarge A VMware vulnerability with a severity rating of 9.8 out of 10 is under active exploitation. At least one reliable exploit has gone public, and there have been successful attempts in the wild to compromise servers that run the vulnerable software. The vulnerability, tracked as CVE-2021-21985, resides in the vCenter Server, a tool for […]

Tech

No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw

Enlarge (credit: Getty Images) Apple has yet to patch a security bug found in iPhones and Macs despite the availability of a fix released almost three weeks ago, a researcher said. The vulnerability resides in WebKit, the browser engine that powers Safari and all browsers that run on iOS. When the vulnerability was fixed almost […]

Tech

Hackers have been exploiting 4 critical Android vulnerabilities

Enlarge (credit: Getty Images) Unknown hackers have been exploiting four Android vulnerabilities that allow the execution of malicious code that can take complete control of devices, Google warned on Wednesday. All four of the vulnerabilities were disclosed two weeks ago in Google’s Android Security Bulletin for May. Google has released security updates to device manufacturers, […]

Tech

Apple reports 2 iOS 0-days that let hackers compromise fully patched devices

Enlarge / The 2020 iPhone lineup. From left to right: iPhone 12 Pro Max, iPhone 12 Pro, iPhone 12, iPhone SE, and iPhone 12 mini. (credit: Samuel Axon) A week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0, the company has released a new update to patch […]

Tech

“Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users

Enlarge (credit: Getty Images) A team of advanced hackers exploited no fewer than 11 zeroday vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said. Using novel exploitation and obfuscation techniques, a mastery of a wide range of vulnerability types, and a […]

Tech

Security unicorn: Exchange server 0-days were exploited by 6 APTs

Enlarge (credit: Getty Images) The Microsoft Exchange vulnerabilities that allow hackers to take over Microsoft Exchange servers are under attack by no fewer than 10 advanced hacking groups, six of which began exploiting them before Microsoft released a patch, researchers reported Wednesday. That raises a vexing mystery: how did so many separate threat actors have […]

Tech

Microsoft issues emergency patches for 4 exploited 0days in Exchange

Enlarge (credit: Getty Images) Microsoft is urging customers to install emergency patches as soon as possible to protect against highly skilled hackers who are actively exploiting four zeroday vulnerabilities in Exchange Server. The software maker said hackers working on behalf of the Chinese government have been using the previously unknown exploits to hack on-premises Exchange […]

Tech

Zerodays under active exploit are keeping Windows users busy

Enlarge (credit: Getty Images) It’s the second Tuesday of February, and that means Microsoft and other software makers are releasing dozens of updates to fix security vulnerabilities. Topping of this month’s list are two zerodays under active exploit and critical networking flaws that allow attackers to remotely execute malicious code or shut down computers. The […]