Apple hacking | Breaking Cybersecurity News | The Hacker News

Watch out Apple users! The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app. According to cybersecurity researchers at ZecOps, the bugs in question are remote code execution flaws that reside in the MIME library of Apple's mail app—first, due to an out-of-bounds write bug and second, is a heap overflow issue. Though both flaws get triggered while processing the content of an email, the second flaw is more dangerous because it can be exploited with 'zero-click,' where no interaction is required from the targeted recipients. 8-Years-Old Apple Zero-Days Exploited in the Wild According to the...

The First major cyber attack on Apple's App Store has now been linked to CIA (Central Intelligence Agency) . Last week, Researchers disclosed some 39 iOS apps on Apple's App Store infected by ' XCodeGhost Malware' . The Bad News is that the infection has now increased exponentially with the discovery of more than 4,000 infected apps. The XCodeGhost malware was distributed through legitimate iOS Apps via counterfeit versions of Apple's app developer toolkit called Xcode . XcodeGhost is a very harmful and dangerous piece of malware that is capable to Phish credentials, infect other apps, Hijack URLs, Steal iCloud passwords from your device and then upload them to the attacker's servers even without your knowledge. After Apple had removed nearly 300 malware-ridden iOS apps from the App Store, FireEye researchers found more than 4,000 compromised apps. The infected apps include the popular instant messaging app WeChat, Chinese Uber-like ca...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

I think you'll agree with me when I say: Apple devices are often considered to be more safe and secure than other devices that run on platforms like Windows and Android, but a recent study will make you think twice before making this statement. A group of security researchers have uncovered potentially deadly zero-day vulnerabilities in both iOS and OS X operating systems that could put iPhone/iPad or Mac owners at a high risk of cyber attacks. Researchers have created and published a malicious app on the App Store that was able to siphon users' personal data from the password storing Keychain in Apple's OS X , as well as steal passwords from iCloud, banking and email accounts. Dubbed XARA (cross-app resource access), the malware exploit app was able to bypass the OS X sandboxing mechanisms that are supposedly designed to prevent an app from accessing the credentials, contacts, and other important data related to other apps. The Consequences are Dire! ...

Apple has patched the security flaw in its Find My iPhone online service that may have allowed hackers to get access to a number of celebrities' private pictures leaked online. OVER 100 CELEBRITIES AFFECTED So far, I hope everybody have heard about probably the biggest digital exposure of personal nude photographs belonging to as many as 100 high-profile celebrities, including Jenny McCarthy, Kristin Dunst, Mary E Winstead, and the Oscar winning actress Jennifer Lawrence and Kate Upton. Initial reports suggested that the privacy breach of the celebrities' iCloud accounts was made possible by a vulnerability in Find My iPhone feature that allowed hackers to allegedly take nude photographs of celebrities from their Apple iCloud backups. Anonymous 4chan users who claims to have grabbed images, posted some of the images to the " b " forum on notorious bulletin-board 4chan, where the owners demanded Bitcoin in exchange for a peek of the images. The anonymous 4c...