Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator.  Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks. "Apple is aware of a report that this issue may have

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the

Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware

The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around February 10, 2023. Timchenko is the executive editor and owner of Meduza, an independent news publication

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

WYSIWYG is short for "what you see is what you get". Except when it isn't...

Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. "This will help ensure that apps only use these APIs for their intended purpose," the company said in a statement. "As part of this process, you'll need

S3 Ep145: Bugs With Impressive Names!

Fascinating fun (with a serious and educational side) - listen now! Full transcript available inside.

iPhone Update — Apply It Now If You Haven’t Already

Apple recently issued an urgent iPhone update, iOS version 16.5.1. If you haven’t updated yet, you should. 

Owners of iPads should update to iOS 16.5.1 as well. 

The update contains two critical security fixes that prevent bad actors from executing malicious code on iPhones and iPads.  

One of the fixes addresses an issue with the kernel of the device—the core code that runs iPhones and iPads. Apple reported that the issue could allow an app to execute arbitrary code with kernel privileges. With those privileges, a malicious appp could attack the device at the root level. The other addresses an issue with the operating system’s WebKit, which, if uncorrected, could process maliciously crafted web content. 

You can update to iOS 16.5.1 now by going to Settings > General > Software Update. 

The update is available for:  

• iPhone 8 and later. 
• iPad Pro (all models). 
• iPad Air 3rd generation and later. 
• iPad 5th generation and later. 
• iPad mini 5th generation and later. 

Protecting your iPhone 

Keeping your operating system current on your iPhone, and all your devices, provides a strong foundation for protection. In addition to adding new features, updates often include fixes focused on security. In this case, a couple of critical security fixes. 

You have a few options for keeping on top of security updates: 

1. Turn on automatic updates. This will ensure that your device is running the latest and greatest version of the operating system. Additionally, you can turn on automatic updates for all your apps as well. Together, they will take the work out of keeping things current.
2. Check for updates yourself. Even with automatic updates turned on, you might experience slightly delayed access to the latest update. In some cases, updates get rolled out to batches of users at a time to prevent download servers from getting overwhelmed. However, manually checking for updates will provide access to the latest version regardless of where you stand in the rollout queue. This way, if you see a news story about a critical update, you can still download it right away.
3. Use online protection software for your phone. Protection like our McAfee+ plans include a Wi-Fi & System Scan feature that notifies you when you need to update iOS. It can also take the guesswork out of whether you are current or not—and keep you in the loop if you miss the news of an important update. McAfee+ offers far more protection from there. It now includes our WebAdvisor extension, which warns you of sketchy phishing links and unsafe downloads. Privacy protection and identity protection come included as well, along with a VPN for a more secure connection. 

Keep safe. Keep your iOS (and your apps) current. 

Aside from using online protection software, keeping your device current offers a strong defense from hacks and attacks. Updates to your operating system and apps will fix security issues and loopholes—the very sorts of things that bad actors are quick to exploit. 

You can keep current quite easily, thanks to automatic updates. Yet keeping an eye on the news remains important as well. If you catch word of an important update, grab it right away. No need to wait. 

The post iPhone Update — Apply It Now If You Haven’t Already appeared first on McAfee Blog.

S3 Ep141: What was Steve Jobs’s first job?

Latest episode - listen now! (Full transcript inside.)

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

All Apple users have zero-days that need patching, though some have more zero-days than others.

Apple issues emergency patches for spyware-style 0-day exploits – update now!

A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

Apple patches everything, including a zero-day fix for iOS 15 users

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

Apple pushes out iOS security update that’s more tight-lipped than ever

We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...

Updates to Apple’s zero-day update story – iPhone and iPad users read this!

Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...

S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]

Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...

S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

Latest episode - listen now! (Or read the transcript if you prefer the text version.)

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

One vendor's zero-day is another vendor's routine patch...

Apple pushes out two emergency 0-day updates – get ’em now!

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

Apple zero-day drama for Macs, iPhones and iPads – patch now!

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...

Apple fixes Safari data leak (and patches a zero-day!) – update now

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Apple security updates are out – and not a Log4Shell mention in sight

Get 'em while they're hot!