Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

By: Paul Ducklin — May 19^th 2023 at 01:02

All Apple users have zero-days that need patching, though some have more zero-days than others.

Naked Security

S3 Ep133: Apple takes “tight-lipped” to a whole new level

By: Paul Ducklin — May 4^th 2023 at 20:59

Entertaining, educational, and all in plain English 🎧📖

Naked Security

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

By: Paul Ducklin — April 30^th 2023 at 01:23

These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.

Naked Security

Apple issues emergency patches for spyware-style 0-day exploits – update now!

By: Paul Ducklin — April 8^th 2023 at 01:20

A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

Naked Security

Apple patches everything, including a zero-day fix for iOS 15 users

By: Paul Ducklin — March 28^th 2023 at 00:23

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

Naked Security

Serious Security: The Samba logon bug caused by outdated crypto

By: Paul Ducklin — January 30^th 2023 at 17:59

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

Naked Security

Apple patches are out – old iPhones get an old zero-day fix at last!

By: Paul Ducklin — January 24^th 2023 at 01:24

Don't delay, especially if you're still running an iOS 12 device... please do it today!

Naked Security

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

By: Paul Ducklin — January 4^th 2023 at 19:50

Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

Naked Security

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

By: Paul Ducklin — January 1^st 2023 at 21:36

The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.

Naked Security

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

By: Paul Ducklin — December 29^th 2022 at 09:20

Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)

Naked Security

Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug

By: Paul Ducklin — December 20^th 2022 at 17:59

It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.

Naked Security

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

By: Paul Ducklin — October 25^th 2022 at 18:03

Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...

Naked Security

Move over Patch Tuesday – it’s Ada Lovelace Day!

By: Paul Ducklin — October 11^th 2022 at 15:22

Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

Naked Security

Apple patches double zero-day in browser and kernel – update now!

By: Paul Ducklin — August 17^th 2022 at 23:33

Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

Naked Security

Zoom for Mac patches critical bug – update now!

By: Paul Ducklin — August 15^th 2022 at 18:26

There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...

Naked Security

Office macro security: on-again-off-again feature now BACK ON AGAIN!

By: Paul Ducklin — July 23^rd 2022 at 01:10

20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!

Naked Security

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

By: Paul Ducklin — July 21^st 2022 at 12:38

One vendor's zero-day is another vendor's routine patch...

Naked Security

That didn’t last! Microsoft turns off the Office security it just turned on

By: Paul Ducklin — July 11^th 2022 at 13:27

An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.

Naked Security

Apple pushes out two emergency 0-day updates – get ’em now!

By: Paul Ducklin — March 31^st 2022 at 23:38

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

apple-1200

Naked Security

Apple zero-day drama for Macs, iPhones and iPads – patch now!

By: Paul Ducklin — February 11^th 2022 at 14:25

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...

apple-1200

Naked Security

At last! Office macros from the internet to be blocked by default

By: Paul Ducklin — February 8^th 2022 at 16:34

It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...

Naked Security

Apple fixes Safari data leak (and patches a zero-day!) – update now

By: Paul Ducklin — January 27^th 2022 at 21:09

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

apple-1200

Naked Security

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

By: Paul Ducklin — December 16^th 2021 at 17:41

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Naked Security

Apple security updates are out – and not a Log4Shell mention in sight

By: Paul Ducklin — December 14^th 2021 at 12:55

Get 'em while they're hot!

Naked Security

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!

By: Paul Ducklin — November 9^th 2021 at 12:31

The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.