tvOS | Breaking Cybersecurity News | The Hacker News

Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085 (CVSS scores: 7.3/7.8), has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2," the company said in a terse advisory. The issue has been addressed with improved memory management in the following devices and operating system versions - iOS 18.3 and iPadOS 18.3 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later macOS Sequoia 15.3 - Macs running mac...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday  added  a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability, tracked as  CVE-2022-48618  (CVSS score: 7.8), concerns a bug in the kernel component. "An attacker with arbitrary read and write capability may be able to bypass  Pointer Authentication ," Apple said in an advisory, adding the issue "may have been exploited against versions of iOS released before iOS 15.7.1." The iPhone maker said the problem was addressed with improved checks. It's currently not known how the vulnerability is being weaponized in real-world attacks. Interestingly, patches for the flaw were released on December 13, 2022, with the release of  iOS 16.2, iPadOS 16.2 ,  macOS Ventura 13.1 ,  tvOS 16.2 , and  watchOS 9.2 , although it was only publicly discl...

Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as  CVE-2022-42856 , the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to arbitrary code execution. The company said it's "aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1." While details surrounding the exact nature of the attacks are unknown as yet, it's likely that it involved a case of social engineering or a watering hole to infect the devices when visiting a rogue or legitimate-but-compromised domain via the browser. It's worth noting that every third-party web browser that's available for iOS and iPadOS, including Google Chrome, Mozilla Firefox, and Microsoft Edg...

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...

Apple on Wednesday rolled out  software fixes  for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS). Chief among them is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google  disclosed  earlier this month as having been exploited in real-world attacks aimed at users of the Chrome browser. There is, however, no evidence of in-the-wild zero-day exploitation of the flaw targeting iOS, macOS, and Safari. Besides CVE-2022-2294, the updates also address several arbitrary code execution flaws impacting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kern...