Apple | Breaking Cybersecurity News | The Hacker News

A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel Pedragoza  said  in a technical report. Dridex , also called Bugat and Cridex, is an information stealer that's known to harvest sensitive data from infected machines and deliver and execute malicious modules. It's attributed to an e-crime group known as Evil Corp (aka Indrik Spider). The malware is also considered to be a successor of  Gameover Zeus , itself a follow-up to another banking trojan called Zeus. Previous Dridex campaigns targeting Windows have  leveraged  macro-enabled Microsoft Excel documents sent via phishing emails to deploy the payload. A law enforcement o

Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as  CVE-2022-42856 , the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to arbitrary code execution. The company said it's "aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1." While details surrounding the exact nature of the attacks are unknown as yet, it's likely that it involved a case of social engineering or a watering hole to infect the devices when visiting a rogue or legitimate-but-compromised domain via the browser. It's worth noting that every third-party web browser that's available for iOS and iPadOS, including Google Chrome, Mozilla Firefox, and Microsoft Edg

Apple on Wednesday  announced  a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted (E2EE) data backups in its iCloud service. The headlining feature, when turned on, is expected to secure 23 data categories using E2EE, including device and message backups, iCloud Drive, Notes, Photos, Reminders, Voice Memos, Safari Bookmarks, Siri Shortcuts, and Wallet Passes. The iPhone maker said the only major iCloud data categories that are still not protected by E2EE are Mail, Contacts, and Calendar because of the "need to interoperate with the global email, contacts, and calendar systems" that use legacy technologies. Advanced Data Protection's E2EE protections for iCloud also mean that users' personal data can only be decrypted on their trusted devices, which retain the encryption keys. "If you enable Advanced Data Protection and then lose access to your account, Apple will not have the encryption keys to help

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August 2022 is app developer Guilherme Rambo. The bug, dubbed  SiriSpy , has been assigned the identifier CVE-2022-32946. "Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets," Rambo  said  in a write-up. "This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone." The vulnerability, according to Rambo, relates to a service called DoAP that's included in AirPo

Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827 , has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of out-of-bounds write flaws, which typically occur when a program attempts to write data to a memory location that's outside of the bounds of what it is allowed to access, can result in corruption of data, a crash, or execution of unauthorized code. The iPhone maker said it addressed the bug with improved bounds checking, while crediting an anonymous researcher for reporting the vulnerability. As is usually the case with actively exploited zero-day flaws, Apple refrained from sharing more specifics about the shortcoming other than acknowledging that it's "aware of a report that this i

Security researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures. The vulnerability, tracked as  CVE-2022-32910 , is rooted in the built-in Archive Utility and "could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive," Apple device management firm Jamf said in an analysis. Following responsible disclosure on May 31, 2022, Apple addressed the issue as part of  macOS Big Sur 11.6.8  and  Monterey 12.5  released on July 20, 2022. The tech giant, for its part, also revised the earlier-issued advisories as of October 4 to add an entry for the flaw. Apple described the bug as a logic issue that could allow an archive file to get around Gatekeeper checks, which is designed so as to ascertain that only trust

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild. The issue, assigned the identifier  CVE-2022-32917 , is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges. "Apple is aware of a report that this issue may have been actively exploited," the iPhone maker acknowledged in a brief statement, adding it resolved the bug with improved bound checks. An anonymous researcher has been credited with reporting the shortcoming. It's worth noting that CVE-2022-32917 is also the  second Kernel related zero-day flaw  that Apple has remediated in less than a month. Patches are available in versions  iOS 15.7, iPadOS 15.7 ,  iOS 16 ,  macOS Big Sur 11.7 , and  macOS Monterey 12.6 . The iOS and iPadOS updates cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generati

Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a  critical security flaw  that has been actively exploited in the wild. The shortcoming, tracked as  CVE-2022-32893  (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. WebKit is the browser engine that powers Safari and every other third-party browser available on iOS and iPadOS, meaning a flaw uncovered in the platform poses a security risk to users of Google Chrome, Mozilla Firefox, and Microsoft Edge as well. The tech giant said it fixed the bug with improved bounds checking. An anonymous researcher has been credited for reporting the vulnerability. The iOS 12.5.6 update is available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). "iOS 12 is not impacted by CVE-2022-32894," Apple  noted  in it

The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers Phil Stokes and Dinesh Devadoss  said  in a report. XCSSET, first  documented  by Trend Micro in 2020, has many moving parts that allow it to  harvest sensitive information  from Apple Notes, WeChat, Skype, and Telegram; inject malicious JavaScript code into various websites; and dump cookies from Safari web browser. Infection chains entail using a dropper to compromise users' Xcode projects with the backdoor, with the latter also taking steps to evade detection by masquerading as either system software or the Google Chrome web browser application. The primary executable is an

Apple on Wednesday released security updates for  iOS, iPadOS , and  macOS  platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below - CVE-2022-32893  - An out-of-bounds write issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web content CVE-2022-32894  - An out-of-bounds write issue in the operating system's Kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges Apple said it addressed both the issues with improved bounds checking, adding it's aware the vulnerabilities "may have been actively exploited." The company did not disclose any additional information regarding these attacks or the identities of the threat actors perpetrating them, although it's likely that they were abused as part of highly-targeted intrusions. The latest update brings the total number o

Apple on Wednesday rolled out  software fixes  for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google  disclosed  earlier this month as having been exploited in real-world attacks aimed at users of the Chrome browser. There is, however, no evidence of in-the-wild zero-day exploitation of the flaw targeting iOS, macOS, and Safari. Besides CVE-2022-2294, the updates also address several arbitrary code execution flaws impacting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kernel (CVE-2022-32813

Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system. The malware, codenamed  CloudMensis  by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage services such as pCloud, Yandex Disk, and Dropbox for receiving attacker commands and exfiltrating files. "Its capabilities clearly show that the intent of its operators is to gather information from the victims' Macs by exfiltrating documents, keystrokes, and screen captures," ESET researcher Marc-Etienne M.Léveillé  said  in a report published today. CloudMensis, written in Objective-C, was first discovered in April 2022 and is designed to strike both Intel and Apple silicon architectures. The initial infection vector for the attacks and the targets remain unknown as yet. But its very limited distribution is an indication that the malware is being used as part of a highly targeted operation directed against entities of i

Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads," Jonathan Bar Or of the Microsoft 365 Defender Research Team  said  in a write-up. Tracked as  CVE-2022-26706  (CVSS score: 5.5), the security vulnerability impacts iOS, iPadOS, macOS, tvOS, and watchOS and was fixed by Apple in May 2022. Calling it an access issue affecting the LaunchServices (launchd) component, the iPhone maker noted that "A sandboxed process may be able to circumvent sandbox restrictions," adding it mitigated the issue with additional restrictions. While Apple's  App Sandbox  is designed to tightly regulate a third-party app's acce

Apple on Wednesday announced it plans to introduce an enhanced security setting called  Lockdown Mode  in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies developing state-sponsored surveillanceware such as  Pegasus ,  DevilsTongue ,  Predator , and  Hermit . Lockdown Mode, when enabled, "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple  said  in a statement. This includes blocking most message attachment types other than images and disabling link previews in Messages; rendering inoperative just-in-time ( JIT ) JavaScript compilation; removing support for shared albums in Photos; a

One of the commissioners of the U.S. Federal Communications Commission (FCC) has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores citing "its pattern of surreptitious data practices." "It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing's apparently unchecked access to that sensitive data," Brendan Carr, a Republican member of the FCC,  wrote  in a letter to Apple and Google's chief executives. TikTok, in September 2021,  disclosed  that there are one billion people who use its app every month, making it one of the largest social media platforms after Facebook, YouTube, WhatsApp, Instagram, and WeChat. Carr further emphasized that the short-form video service is far from just an app for sharing funny videos or memes, calling out its features as "sheep's clothing" intended to mask its core funct

A novel hardware attack dubbed  PACMAN  has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan  said  in a new paper. What's more concerning is that "while the hardware mechanisms used by PACMAN cannot be patched with software features, memory corruption bugs can be," the researchers added. The vulnerability is rooted in pointer authentication codes ( PACs ), a line of defense introduced in arm64e architecture that aims to detect and secure against unexpected changes to  pointers  — objects that reference an address location in memory. PACs aim to solve a common problem in software

Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a reboot," the company  said  in a statement on Monday. The feature, which also works on iOS , aims to separate regular software updates from critical security improvements and are applied automatically so that users are quickly protected against in-the-wild attacks and unexpected threats. It's worth noting that Apple tested an analogous option in iOS 14.5. Rapid Security Response, viewed in that light, mirrors a similar approach taken by Google through Play Services and Play Protect to secure Android devices from malware and other kinds of fraud. Another key security fea

A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. "Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server," researchers from Jamf Threat Labs  said  in a report. UpdateAgent, first detected in late 2020, has since  evolved  into a malware dropper, facilitating the distribution of second-stage payloads such as adware while also bypassing macOS  Gatekeeper  protections. The newly discovered Swift-based dropper masquerades as Mach-O binaries named " PDFCreator " and " ActiveDirectory " that, upon execution, establish a connection to a remote server and retrieve a bash script to be executed. "The primary difference [between the two executables] is that it reaches out to a different URL from wh

A previously unknown zero-click exploit in Apple's iMessage was used to install mercenary spyware from  NSO Group  and  Candiru  against at least 65 individuals as part of a "multi-year clandestine operation." "Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations," the University of Toronto's Citizen Lab  said  in a new report. "Family members were also infected in some cases." Of the 65 individuals, 63 were targeted with Pegasus and four others were infected with Candiru, with iPhones belonging to at least two compromised with both. The incidents are said to have mostly occurred between 2017 and 2020. The attacks involved the weaponization of an iOS exploit dubbed HOMAGE that made it possible to penetrate the devices running versions prior to iOS 13.2, which was released on October 28, 2019. It's worth noting that the latest version of iOS is iOS 15.4.1.