Apple hacking | Breaking Cybersecurity News | The Hacker News

Watch out Apple users! The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app. According to cybersecurity researchers at ZecOps, the bugs in question are remote code execution flaws that reside in the MIME library of Apple's mail app—first, due to an out-of-bounds write bug and second, is a heap overflow issue. Though both flaws get triggered while processing the content of an email, the second flaw is more dangerous because it can be exploited with 'zero-click,' where no interaction is required from the targeted recipients. 8-Years-Old Apple Zero-Days Exploited in the Wild According to the...

The First major cyber attack on Apple's App Store has now been linked to CIA (Central Intelligence Agency) . Last week, Researchers disclosed some 39 iOS apps on Apple's App Store infected by ' XCodeGhost Malware' . The Bad News is that the infection has now increased exponentially with the discovery of more than 4,000 infected apps. The XCodeGhost malware was distributed through legitimate iOS Apps via counterfeit versions of Apple's app developer toolkit called Xcode . XcodeGhost is a very harmful and dangerous piece of malware that is capable to Phish credentials, infect other apps, Hijack URLs, Steal iCloud passwords from your device and then upload them to the attacker's servers even without your knowledge. After Apple had removed nearly 300 malware-ridden iOS apps from the App Store, FireEye researchers found more than 4,000 compromised apps. The infected apps include the popular instant messaging app WeChat, Chinese Uber-like ca...

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings. "In just the past few months, I have witnessed two different methods for executing a ransomware attack using nothing but legitimate cloud security features," warns Brandon Evans, security consultant and SANS Certified Instructor. Halcyon disclosed an attack campaign that leveraged one of Amazon S3's native encryption mechanisms, SSE-C, to encrypt each of the target buckets. A few months prior, security consultant Chris Farris demonstrated how attackers could perform a similar attack using a different AWS security feature, KMS keys with external key material, using simple scripts generated by ChatGPT. "Clearly, this topic is top-of-mind for both threat actors and ...

I think you'll agree with me when I say: Apple devices are often considered to be more safe and secure than other devices that run on platforms like Windows and Android, but a recent study will make you think twice before making this statement. A group of security researchers have uncovered potentially deadly zero-day vulnerabilities in both iOS and OS X operating systems that could put iPhone/iPad or Mac owners at a high risk of cyber attacks. Researchers have created and published a malicious app on the App Store that was able to siphon users' personal data from the password storing Keychain in Apple's OS X , as well as steal passwords from iCloud, banking and email accounts. Dubbed XARA (cross-app resource access), the malware exploit app was able to bypass the OS X sandboxing mechanisms that are supposedly designed to prevent an app from accessing the credentials, contacts, and other important data related to other apps. The Consequences are Dire! ...

Apple has patched the security flaw in its Find My iPhone online service that may have allowed hackers to get access to a number of celebrities' private pictures leaked online. OVER 100 CELEBRITIES AFFECTED So far, I hope everybody have heard about probably the biggest digital exposure of personal nude photographs belonging to as many as 100 high-profile celebrities, including Jenny McCarthy, Kristin Dunst, Mary E Winstead, and the Oscar winning actress Jennifer Lawrence and Kate Upton. Initial reports suggested that the privacy breach of the celebrities' iCloud accounts was made possible by a vulnerability in Find My iPhone feature that allowed hackers to allegedly take nude photographs of celebrities from their Apple iCloud backups. Anonymous 4chan users who claims to have grabbed images, posted some of the images to the " b " forum on notorious bulletin-board 4chan, where the owners demanded Bitcoin in exchange for a peek of the images. The anonymous 4c...