Apple update | Breaking Cybersecurity News | The Hacker News

Category — Apple update
Apple macOS High Sierra Bug Exposes Passwords of Encrypted APFS Volumes As Hint

Oct 06, 2017
A severe programming error has been discovered in Apple's latest macOS High Sierra 10.13 that exposes passwords of encrypted Apple File System (APFS) volumes in plain text. Reported by Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted APFS volumes, where the password hint field shows the actual password in plain text. Yes, you got that right—your Mac mistakenly reveals the actual password instead of the password hint. In September, Apple released macOS High Sierra 10.13 with APFS (Apple File System) as the default file system for solid-state drives (SSDs) and other all-flash storage devices, promising strong encryption and better performance. Mariano discovered the security issue while he was using the Disk Utility in macOS High Sierra to add a new encrypted APFS volume to a container. When adding a new volume, he was asked to set a password and, optionally, write a hint for it. So, whenever the new volume is mounted, m...
Warning! Your iPhone Can Get Hacked Just by Opening a JPEG Image, PDF or Font File

Oct 25, 2016
What's worse than knowing that innocent-looking JPEGs, PDFs and font files can hijack your iPhone, iPad, and iPod? Yes, attackers can take over your vulnerable Apple iOS device remotely – all they have to do is trick you into viewing a maliciously-crafted JPEG graphic or PDF file through a website or an email, which could allow them to execute malicious code on your system. That's a terrible flaw (CVE-2016-4673), but the good news is that Apple has released the latest version of its mobile operating system, iOS 10.1, for iPhones and iPads to address this remote-code execution flaw, alongside an array of bug fixes. And now that the company has rolled out a security patch, some hackers would surely find vulnerable Apple devices to exploit the vulnerability and take full control of them. So, users running older versions of iOS are advised to update their mobile devices to iOS 10.1 as soon as possible. Besides this remote code execution flaw, the newest iOS 10.1 incl...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024 | Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that:

1. Logs Only Tell Part of the Story. Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events.

2. Static Misconfiguration Detection is Incomplete. Static tools that check ...
Apple starts downloading MacOS Sierra automatically to your MacBook — Here's How to Stop It

Oct 05, 2016
Are you experiencing slow Internet speed on your MacBook today? — It's not just you! Here's Why: Following in Microsoft's footsteps, Apple has started "pre-downloading" the latest version of its desktop operating system, macOS 10.12 Sierra, in the background, if you are still running OS X El Capitan. If you have automatic downloads enabled on your Mac, a large file of around 5GB will mysteriously be downloaded to your computer in the background, using your Internet bandwidth for unrequested files. Apple justifies this move by saying that the automatic download would make it easier for users to get the newest operating system, encouraging them to update their Macs. The good news, however, is that the update will not install automatically without your permission. Once downloaded automatically in the background, users who are running OS X El Capitan version 10.11.5 or later will receive a notification that says macOS Sierra is ready to be installed....
Apple Failed to Patch Rootpipe Mac OS X Yosemite Vulnerability

Apr 21, 2015
Sad but True! Your Apple Mac computer is vulnerable to a serious privilege escalation flaw, dubbed "RootPipe," even if you are running the latest version of Mac OS X. What's RootPipe? Back in October 2014, Swedish white hat hacker Emil Kvarnhammar claimed to have discovered a critical privilege escalation vulnerability, a backdoor he dubbed "RootPipe," in some versions of Mac OS X, including the then-newest version 10.10 Yosemite. The vulnerability (CVE-2015-1130) could allow an attacker to take full control of your desktop Mac computer or MacBook laptop, even without any authentication. Keeping in mind the devastating effect of the RootPipe vulnerability, the researcher privately reported the flaw to Apple and did not disclose the details of the flaw publicly until the company released a patch to fix it. Apple did release an update but failed to patch RootPipe: Earlier this month, Apple released the latest version of Mac OS...
Apple Releases iOS 8.1.3

Jan 27, 2015
Apple has rolled out iOS 8.1.3 for iPhone, iPod touch and iPad devices, after weeks of extensive testing. The iOS 8.1.3 update contains bug fixes, stability enhancements and performance improvements. Among the new features, it reduces the amount of storage space required to perform a software update. The update can be downloaded by going to Settings > General > Software Update. The download size of iOS 8.1.3 is 246MB. Apple users with 8GB and 16GB devices will definitely appreciate the reduced storage requirements for updating to iOS 8. In addition to bug fixes, iOS 8.1.3 also includes a number of security improvements which can be viewed in detail on Apple's security page for the update. Apple is also preparing to release OS X Yosemite 10.10.2 beta update, which contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port.
Apple OS X Yosemite 10.10.2 Update to Patch years-old Thunderstrike vulnerability

Jan 27, 2015
Apple is preparing to release the second update to OS X Yosemite in the coming days to its customers. The upcoming beta update OS X Yosemite 10.10.2 contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port. Earlier this month, reverse engineer Trammell Hudson revealed technical details and a proof-of-concept of the Thunderstrike attack. Thunderstrike, an undetectable bootkit, works by injecting an Option ROM into a Mac's EFI. It is possible because hardware attached to a system through the Thunderbolt port is not as secure as a Mac itself. Once installed using the Thunderstrike attack, the malware would be almost impossible to detect and remove, because the firmware used on Macs doesn't always apply to the security of attached hardware. So "Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the at...
Update Your Safari Browser to Patch Two Dozen of Critical Vulnerabilities

Apr 03, 2014
So, is your Safari web browser updated? Make sure you have the latest web browser update for your Apple Macintosh systems, as Apple released Safari 6.1.3 and Safari 7.0.3 with new security updates. These security updates address multiple vulnerabilities in its Safari web browser, which has always been the standard browser for Mac users. This time it's not five or ten, but about two dozen. Apple issued a security update to patch a total of 27 vulnerabilities in Safari web browser, including the one which was highlighted at the Pwn2Own 2014 hacking competition. The available updates replace the browser running on OS X 10.7 and 10.8 with the latest browser version 6.1.3, and on OS X 10.9 with 7.0.3. Among the 27 vulnerabilities, the most remarkable vulnerability addressed in the update is CVE-2014-1303, a heap-based buffer overflow that can be remotely exploited and could lead to a bypass of a sandbox protection mechanism via an unspecified vector. This vulnerability is ...
New Apple vulnerability allows Malicious keylogger App to Record User Inputs

Feb 26, 2014
Yet another Apple vulnerability has been exposed by security researchers that can be exploited to track your finger's every action on iOS devices, i.e. iPhone, iPad etc. The exploit reportedly targets a flaw in iOS multitasking capabilities to capture user inputs, according to security researchers at FireEye. They found a way to bypass Apple's app review process effectively and created a proof-of-concept monitoring app for non-jailbroken iOS 7.0.x devices. The "monitoring" app, which runs in the background of the iPhone, is a Keylogger Trojan which could allow hackers to monitor a user's activities on the mobile device, including touches on the screen, home button press, volume button press and TouchID press, and send all collected events to any remote server. According to researchers, their proof-of-concept app works on versions 7.0.4, 7.0.5, 7.0.6, and 6.1.x. "Based on the findings, potential attackers can either use phishing to mislead the vi...
iOS 6.1 Hack allows iPhone lock screen bypass

Feb 14, 2013
Apple has faced a number of challenges over the last year related to software errors and flaws on its flagship iPhone. According to a recent video posted on YouTube, iPhone and iPad users running the latest iOS 6.1 platform can bypass the lock screen, even when a password is set. Basically, he found that by attempting and canceling an emergency call on the iPhone, holding the lock button and then taking a screenshot took him past the stage where he should have had to enter a password to access the phone. The flaw is relatively easy to exploit and this lets you bypass the security code and use the full Phone app. From there you have access to the address book, and the pictures app by trying to change a contact's picture. Apple promised to fix the iOS 6.1 Exchange bug in a forthcoming software update so perhaps they'll fix this annoying glitch as well. Steps to follow: First part: -Go to emergency call, push down the power button and tap cancel. -D...
Apple update removes Java plugin from OS X browsers

Oct 19, 2012
Apple has discontinued its own Java plugin, issuing an 'update' that removes it from MacOS and encourages users to instead download Oracle's version of the software. It's another step by Apple towards making OS X safer on the web. Mac users may have noticed that Java-based websites are displaying a "Missing Plug-in" notification. The Apple Support page states that this update is for OS X 10.7 and later. Apart from stripping browsers of the Java plug-in, it also removes the Java Preferences application, since it is no longer required for applet setting configuration. Just to be clear, the update does not remove Java from your system if it's installed, just the Java plugin from your web browsers. In August, Java was blasted as an unsafe plug-in that should only be used when absolutely necessary after a zero-day exploit was discovered, rolled into the user-friendly Blackhole exploit kit and used for nearly a week before Oracle issued a patch. That patch, however,...