Security researcher Bhavuk Jain found a zero day vulnerability with Sign In with Apple in April. Apple has already patched it.
Apple disagrees with a report from security company ZecOps that found an exploit that took advantage of the default iOS Mail app.
In the now-disputed report, ZecOps had said the critical flaw was located in the Mail app and could be triggered by sending specially manipulated emails that required no interaction on the part of users[…]
The critics said if the exploit was able to delete the emails, it would have been able to delete the crash log data as well. The critics said that failure and some technical details contained in the ZecOps report strongly suggested the flaw was a more benign bug that was triggered by certain types of emails. Also skeptical, the critics said, is that an advanced exploit would cause a crash at all.
An interesting update to this saga. The bug certainly caused these devices to crash, but it remains to be seen whether that resulted in stolen data.
An iPhone zero day has been found in the wild that takes advantage of two vulnerabilities in the Mail app. It’s currently unpatched in the public release of iOS.
Criminal group eGobbler took advantage of a WebKit zero day to create over a billion malicious ads to affect iOS and macOS users.
In an updated blog post, Zoom says its web server will be removed in the next update, given recent information that it can be exploited.
JULY 9 PATCH: The patch planned for tonight (July 9) at or before 12:00 AM PT will do the following: 1. Remove the local web server entirely, once the Zoom client has been updated – We are stopping the use of a local web server on Mac devices. Once the patch is deployed, Mac users will be prompted in the Zoom user interface (UI) to update their client. Once the update is complete, the local web server will be completely removed on that device.
Security researcher Jonathan Leitschuh recently published information about a Zoom zero day vulnerability. Here’s how to protect yourself.
Before you’re tempted to check out Amazon’s sale on TP-Link routers, you should know a zero day exploit was recently found in these devices.
Founded in 2015, Zerodium is an information security company specializing in buying and selling zero day exploits. It’s offering US$2 million for remote iOS exploits.
Security researcher Patrick Wardle has found a macOS Mojave bug that allows unauthorized access to your personal data, like your contacts.
A new macOS zero day exploit has been found, and this one has been present in the operating system since 2002.
This is part of Project Zero’s modus operandi, as it routinely searches other companies’ software for bugs.
Dave Hamilton and John Martellaro join Jeff Gamet to discuss the HomeKit Zero Day exploit that was just revealed, plus John and Jeff get into a debate about whether the iPad should be considered a computer.
Apple customers don’t need to take any action right now. The company has already fixed the issue on its end, and next week users can get a software update that fixes the bug on their end.
As of yesterday, Adobe has already identified the bug (CVE-2017-11292) and released a security patch for Windows, macOS, Linux, and Chrome OS.
Yesterday was the annual Pwn2Own hacking contest, which also marked the contest’s 10th anniversary. Hackers compete in challenges to find security holes in popular software and mobile devices. This year, two Safari zero days were found by the white-hat hackers.