#apple-security — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #apple-security, aggregated by home.social.
-
Overall takeaway:
macOS security threats are not standing still. Attackers are leaning harder on trusted tools, fake apps, and social engineering.
That makes patching, careful downloads, and clear user education more important than ever.
-
🔓 Security researchers at Paradigm Shift say “usbliter8” is a new SecureROM/BootROM exploit impacting Apple A12–A13 chips (and some Apple Watch S4/S5). The PoC chains a USB controller DMA bug with a SecureROM config weakness to reach code execution. An unpatchable risk—details: https://cyberinsider.com/unpatchable-bootrom-exploit-for-apple-a12-a13-chips-now-public/ #AppleSecurity #BootROM #Exploitation #Vulnerability #CyberSecurity 🔍🚨
-
🔓 Security researchers at Paradigm Shift say “usbliter8” is a new SecureROM/BootROM exploit impacting Apple A12–A13 chips (and some Apple Watch S4/S5). The PoC chains a USB controller DMA bug with a SecureROM config weakness to reach code execution. An unpatchable risk—details: https://cyberinsider.com/unpatchable-bootrom-exploit-for-apple-a12-a13-chips-now-public/ #AppleSecurity #BootROM #Exploitation #Vulnerability #CyberSecurity 🔍🚨
-
Apple's A12 and A13 Chips Facing New Unpatchable Exploit
https://web.brid.gy/r/https://www.macrumors.com/2026/06/18/a12-and-a13-chips-facing-exploit/
-
Apple published a detailed write-up on formal verification in corecrypto, including their ML-KEM and ML-DSA implementations for post-quantum cryptography.
This goes to the next level, beyond “we tested this carefully” to “we proved key parts equivalent to the FIPS specs, including optimized C and ARM64 assembly paths.”
This crypto library ships across billions of devices. This is the difficult, expensive assurance work that makes platform security real. https://security.apple.com/blog/formal-verification-corecrypto/ #AppleSecurity #Cryptography #PostQuantum #InfoSec
-
Apple published a detailed write-up on formal verification in corecrypto, including their ML-KEM and ML-DSA implementations for post-quantum cryptography.
This goes to the next level, beyond “we tested this carefully” to “we proved key parts equivalent to the FIPS specs, including optimized C and ARM64 assembly paths.”
This crypto library ships across billions of devices. This is the difficult, expensive assurance work that makes platform security real. https://security.apple.com/blog/formal-verification-corecrypto/ #AppleSecurity #Cryptography #PostQuantum #InfoSec
-
🎉 Oh joy, another mind-numbing Apple security "update" that confirms absolutely nothing until it's too late! 🕵️♂️ Good old Apple, keeping everyone in suspense with their cryptic vulnerability haikus. 📱✨
https://support.apple.com/en-us/127115 #AppleSecurity #UpdateCrypticVulnerabilities #TechHumor #SoftwareUpdates #HackerNews #ngated -
🎉 Oh joy, another mind-numbing Apple security "update" that confirms absolutely nothing until it's too late! 🕵️♂️ Good old Apple, keeping everyone in suspense with their cryptic vulnerability haikus. 📱✨
https://support.apple.com/en-us/127115 #AppleSecurity #UpdateCrypticVulnerabilities #TechHumor #SoftwareUpdates #HackerNews #ngated -
🚨 Just when you thought Apple's memory defenses were tighter than a hipster's skinny jeans, a tiny startup with an AI sidekick casually waltzes through their fortress in under a week. 🤖🔑 Five years of design and fancy new silicon, yet it still can't keep out a trio armed with two bugs and a "clever idea." 🤦♂️ Keep those PhDs on hold, folks.
https://ironpeak.be/blog/bypassing-apple-mie/ #AppleSecurity #AIStartup #MemoryBreach #Cybersecurity #Hackers #HackerNews #ngated -
🚨 Just when you thought Apple's memory defenses were tighter than a hipster's skinny jeans, a tiny startup with an AI sidekick casually waltzes through their fortress in under a week. 🤖🔑 Five years of design and fancy new silicon, yet it still can't keep out a trio armed with two bugs and a "clever idea." 🤦♂️ Keep those PhDs on hold, folks.
https://ironpeak.be/blog/bypassing-apple-mie/ #AppleSecurity #AIStartup #MemoryBreach #Cybersecurity #Hackers #HackerNews #ngated -
In part 2 of my macOS security internals series, I demystify System Integrity Protection (SIP), breaking down how the kernel enforces Apple-signed entitlements over POSIX root privileges, the mechanics of rootless.conf, and why the hardware always has the final veto.
Includes a small C program to audit your own CSR bitfield configuration.
Read the full deep dive here:
https://bytearchitect.io/macos-security/Apple-defences-SIP-and-APFS-(cont'd)/#macOS #infosec #cybersecurity #ReverseEngineering #XNU #AppleSecurity #Kernel #OSInternals #Rootless
-
In part 2 of my macOS security internals series, I demystify System Integrity Protection (SIP), breaking down how the kernel enforces Apple-signed entitlements over POSIX root privileges, the mechanics of rootless.conf, and why the hardware always has the final veto.
Includes a small C program to audit your own CSR bitfield configuration.
Read the full deep dive here:
https://bytearchitect.io/macos-security/Apple-defences-SIP-and-APFS-(cont'd)/#macOS #infosec #cybersecurity #ReverseEngineering #XNU #AppleSecurity #Kernel #OSInternals #Rootless
-
La App Store de Apple elimina una aplicación falsa de monedero de criptomonedas
#ciberseguridad #criptomonedas #AppleSecurity
https://mecambioamac.com/apple-elimina-una-aplicacion-falsa-de-monedero-de-criptomonedas/
-
CISA recomienda actualizar dispositivos iOS para evitar Coruna
#ciberseguridad #AppleSecurity #Coruna
https://mecambioamac.com/cisa-recomienda-actualizar-dispositivos-ios-para-evitar-coruna/
-
El malware GlassWorm ataca a los Mac con monederos de criptomonedas
#ciberseguridad #AppleSecurity #GlassWorm
https://mecambioamac.com/el-malware-glassworm-ataca-a-los-mac-con-monederos-de-criptomonedas/
-
APPLE'S FIFTY YEARS MARKED BY URGENT SECURITY PATCHES AND FUZZY PRODUCT FUTURES
Apple releases urgent iOS 18.7.7 security patch for older iPhones and iPads against 'DarkSword' exploit. Learn who is affected and what to do.
#AppleSecurity, #iOSUpdate, #iPhoneXR, #iPadUpdate, #CyberSecurity
https://newsletter.tf/apple-security-patch-iphones-ipads-darksword-exploit/
-
Millions of older iPhone and iPad users need to update immediately. This security fix is available for devices as old as the iPhone XR.
#AppleSecurity, #iOSUpdate, #iPhoneXR, #iPadUpdate, #CyberSecurity
https://newsletter.tf/apple-security-patch-iphones-ipads-darksword-exploit/ -
Millions of older iPhone and iPad users need to update immediately. This security fix is available for devices as old as the iPhone XR.
#AppleSecurity, #iOSUpdate, #iPhoneXR, #iPadUpdate, #CyberSecurity
https://newsletter.tf/apple-security-patch-iphones-ipads-darksword-exploit/ -
Apple actualiza el Acuerdo de Licencia del Programa para Desarrolladores de Apple
-
Apple Now Sending Critical Security Alerts to iPhones Running iOS 17 and Earlier
-
Systemy Apple w wersji 26.4 to ponad 35 luk bezpieczeństwa
Apple opublikowało iOS 26.4 i pozostałe systemy z tej rodziny z dużą paczką poprawek bezpieczeństwa – załatano ponad 35 podatności. Choć to standard przy większych aktualizacjach, kilka błędów szczególnie się wyróżnia.
Do najważniejszych należą:
- Ominięcie ochrony skradzionego iPhone’a: Najpoważniejsza luka pozwalała obejść funkcję Stolen Device Protection – nawet przy aktywnym zabezpieczeniu możliwy był dostęp do aplikacji chronionych Face ID wyłącznie przy użyciu kodu urządzenia. Apple naprawiło problem, wzmacniając mechanizmy weryfikacji. W iOS 26.4 funkcja ta jest dodatkowo domyślnie włączona.
- Dostęp do Keychain (hasła i dane): Błąd umożliwiał lokalnemu atakującemu dostęp do Keychain z powodu niewystarczającej kontroli uprawnień. To potencjalnie poważna luka – Keychain przechowuje hasła, klucze szyfrujące i tokeny.
- Prywatność w Mail mogła nie działać: Opcje „Ukryj adres IP” i „Blokuj zdalną zawartość” w aplikacji Mail nie zawsze działały poprawnie. W praktyce oznaczało to, że nadawcy mogli uzyskać Twój adres IP mimo aktywnej ochrony.
- Ucieczka z sandboxa przez drukowanie: Luka w systemie drukowania (AirPrint) pozwalała aplikacji wydostać się z izolowanego środowiska (sandbox). To ważny element potencjalnych łańcuchów ataków – po jego obejściu system staje się znacznie bardziej podatny.
- Problemy w WebKit (silnik Safari): Aż kilka poważnych błędów w WebKit, m.in.:
- obejście zasad bezpieczeństwa stron (Same Origin Policy),
- złamanie Content Security Policy,
- możliwość przetwarzania złośliwej treści poza sandboxem.
Dobra wiadomość: brak dowodów na aktywne wykorzystywanie tych luk. Zła: skala i charakter błędów są poważne jak na jedną aktualizację i pokazują, że nawet Apple—uważane za lidera bezpieczeństwa—mierzy się obecnie z o wiele większą skalą zagrożeń niż dawniej.
Aktualizacja do iOS 26.4 to w tym przypadku nie „opcjonalna poprawka”, tylko realne wzmocnienie bezpieczeństwa.
Więcej na temat ostatnich aktualizacji znajdziecie na strona Wsparcia Apple (polska wersja nie jest zaktualizowana na moment pisania tego tekstu) oraz w tym wpisie.
#aktualizacja #Apple #AppleSecurity #Bezpieczeństwo #cyberbezpieczeństwo #exploit #iOS264 #iPhone #Keychain #mail #prywatność #WebKitAktualizacje iOS 26.4, iPadOS 26.4, macOS 26.4, watchOS 26.4, tvOS 26.4, visionOS 26.4
-
CVE-2026-20687 (CRITICAL): Use-after-free in Apple iOS/iPadOS/macOS/tvOS/watchOS lets malicious apps crash devices or write kernel memory. Patch to iOS/iPadOS 18.7.7/26.4, macOS Sequoia 15.7.5, Tahoe 26.4+ ASAP. https://radar.offseq.com/threat/cve-2026-20687-an-app-may-be-able-to-cause-unexpec-a39ac789 #OffSeq #AppleSecurity #InfoSec
-
Apple ha rilasciato il primo aggiornamento Background Security Improvement (BSI) per macOS Tahoe 26.3.1, iOS 26.3.1 e iPadOS 26.3.1.
-
Apple ha rilasciato il primo aggiornamento Background Security Improvement (BSI) per macOS Tahoe 26.3.1, iOS 26.3.1 e iPadOS 26.3.1.
-
Apple Releases Emergency Security Update for Older iPhones and iPads
#Apple #iOS #iPhone #CyberSecurity #SecurityUpdate #iOS15 #iOS16 #AppleSecurity #WebKit #TechNews #ITNews #Tech #ITSupport
-
Apple Releases Emergency Security Update for Older iPhones and iPads
#Apple #iOS #iPhone #CyberSecurity #SecurityUpdate #iOS15 #iOS16 #AppleSecurity #WebKit #TechNews #ITNews #Tech #ITSupport
-
Apple utilizza i rapporti sui messaggi spam segnalati dagli utenti per identificare caratteristiche comuni e migliorare i filtri di sicurezza server-side. 📡🔒
-
Apple utilizza i rapporti sui messaggi spam segnalati dagli utenti per identificare caratteristiche comuni e migliorare i filtri di sicurezza server-side. 📡🔒
-
You’d think Apple would be interested in handing folks decrypted IPA’s of iOS apps
. Especially free ones .#ios #reverseengineering #cybersecurity #securityresearch #Applesecurity
-
You’d think Apple would be interested in handing folks decrypted IPA’s of iOS apps
. Especially free ones .#ios #reverseengineering #cybersecurity #securityresearch #Applesecurity
-
Apple's iOS 18.7.5 patches 30+ critical vulnerabilities including sandbox escapes and kernel flaws. AdwaitX breaks down every security fix for iPhone XS and iPad 7th gen users. Install now 🔗 #AdwaitX #iOS1875 #AppleSecurity #iPhone
https://www.adwaitx.com/ios-18-7-5-security-update-critical-fixes/
-
Apple's iOS 18.7.5 patches 30+ critical vulnerabilities including sandbox escapes and kernel flaws. AdwaitX breaks down every security fix for iPhone XS and iPad 7th gen users. Install now 🔗 #AdwaitX #iOS1875 #AppleSecurity #iPhone
https://www.adwaitx.com/ios-18-7-5-security-update-critical-fixes/
-
🚨 CRITICAL: CVE-2026-20700 impacts Apple macOS, iOS, iPadOS & more before v26.3. Memory corruption enables arbitrary code execution — exploited in sophisticated, targeted attacks. Urgently update all devices! https://radar.offseq.com/threat/cve-2026-20700-an-attacker-with-memory-write-capab-30065920 #OffSeq #AppleSecurity #CVE202620700 #ThreatIntel
-
macOS 26.3 patches 52 vulnerabilities including one actively exploited on iOS. 3.7GB update brings hidden M5 chip support and Xcode AI coding agents. AdwaitX explains why this matters 🔗 #AdwaitX #macOS #AppleSecurity
https://www.adwaitx.com/macos-26-3-tahoe-security-update-2026/
-
🔒 iOS 26.3 beta rilascia un aggiornamento di sicurezza per testare nuovi miglioramenti di sistema in background. Apple continua l’evoluzione della sua piattaforma.
-
🔒 iOS 26.3 beta rilascia un aggiornamento di sicurezza per testare nuovi miglioramenti di sistema in background. Apple continua l’evoluzione della sua piattaforma.
-
Apple urges iOS and macOS users to update immediately amid active attacks exploiting critical vulnerabilities, plus warnings on Gladinet risks. Stay secure! 🔒📱💻 https://www.heise.de/en/news/Update-iOS-and-macOS-Warning-of-Attacks-on-Apple-Vulnerabilities-and-Gladinet-11116104.html #AppleSecurity #iOSUpdate #Cybersecurity #Newz
-
Apple urges iOS and macOS users to update immediately amid active attacks exploiting critical vulnerabilities, plus warnings on Gladinet risks. Stay secure! 🔒📱💻 https://www.heise.de/en/news/Update-iOS-and-macOS-Warning-of-Attacks-on-Apple-Vulnerabilities-and-Gladinet-11116104.html #AppleSecurity #iOSUpdate #Cybersecurity #Newz
-
Apple has patched two WebKit vulnerabilities confirmed to be exploited in the wild, with indications pointing to highly targeted attack activity.
Given WebKit’s role as the rendering engine for Safari and all iOS browsers, these flaws highlight systemic risk across Apple platforms. Discovery involved Apple Security Engineering and Architecture alongside Google’s Threat Analysis Group, underscoring cross-vendor collaboration in exploit detection.
How do you factor shared components like browser engines into threat modeling and patch urgency?
Source: https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html
Engage in the discussion, and follow @technadu for balanced infosec reporting.
#InfoSec #WebKit #AppleSecurity #ZeroDay #ThreatAnalysis #PatchStrategy #TechNadu
-
Apple Warns All iPhone Users—Do Not Take These Calls
Do not lose your account to hackers. Getty Images Apple warns “targeted attacks” are now being deployed to…
#NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Mobile #applehacker. #applesecurity #iphoneattack #iphonehacker #iphonesecurity #iphonevsandroid #Technology
https://www.newsbeep.com/us/308151/ -
Nuevas mejoras en la seguridad de macOS Tahoe y en iOS que llegan en la versión 26.1: las Mejoras de Seguridad en Segundo Plano
#macOSTahoe #iOS26 #MacOSSecurity #AppleSecurity #CyberSecurity #ciberseguridad
https://mecambioamac.com/macos-tahoe-26-1-activa-las-mejoras-de-seguridad-en-segundo-plano/
-
🚨 BREAKING: TechCrunch discovers that, shockingly, an iPhone isn't invincible to hacking! 😱 In related news, water is wet, and Apple remains an easy target for government spyware because, you know, it's made for "security" and all. 😂🔒
https://techcrunch.com/2025/10/21/apple-alerts-exploit-developer-that-his-iphone-was-targeted-with-government-spyware/ #iPhoneHacking #AppleSecurity #TechNews #GovernmentSpyware #Cybersecurity #HackerNews #ngated -
Apple podwaja nagrodę w programie Bug Bounty do 2 mln USD za ataki na poziomie szpiegowskim
Apple ogłosiło nową, ulepszoną wersję swojego programu Bug Bounty, w którym nagroda za łańcuchy exploitów porównywalne do ataków szpiegowskich wzrosła do 2 mln USD.
Łączne wypłaty z bonusami za obejście Lockdown Mode i luki w wersjach beta mogą przekroczyć 5 mln USD, co Apple nazywa największą nagrodą oferowaną przez jakikolwiek program bug bounty.
Nowy program skupia się na kompletnych łańcuchach exploitów, a nie pojedynczych lukach, co odzwierciedla realne ataki. Nagrody za zdalne wektory ataku znacząco wzrosły, podczas gdy mniej powszechne kategorie otrzymają mniejsze wypłaty.
Apple wprowadza też „Target Flags”, inspirowane grami typu capture-the-flag. Pozwalają one badaczom udowodnić poziom uzyskanego dostępu (np. wykonanie kodu lub arbitralny odczyt/zapis). Po weryfikacji przez Apple nagroda jest wypłacana w najbliższym cyklu płatności, bez oczekiwania na poprawkę systemu.
Nowe kategorie obejmują m.in.:
- One-click WebKit sandbox escapes – do 300 000 USD
- Exploity bezprzewodowe – do 1 mln USD
- Pełne obejście Gatekeeper w macOS – 100 000 USD
Program wchodzi w życie od listopada 2025, a od startu w 2020 Apple wypłaciło ponad 35 mln USD ponad 800 badaczom.
Podobne programy mają inne filmy technologiczne z całego świata, w tym Synology, o czym szerzej posłuchasz w jednym z odcinków mojego podcastu „Bo czemu nie?”.
#Apple #AppleSecurity #Bezpieczeństwo #bezpieczeństwosystemów #BugBounty #cybersecurity #exploit #exploitchains #hackowanie #iOS #LockdownMode #macOS #nagroda #programiści #technews #vulnerability
-
🚀🐑 Apple's security gibberish—SPTM, #TXM, and Exclaves—because who needs clear communication when you can have an alphabet soup? 🤪 Dive deep into buzzwords and acronyms, and emerge none the wiser! 📚🔍
https://arxiv.org/abs/2510.09272 #AppleSecurity #SPTM #Exclaves #BuzzwordSoup #HackerNews #ngated -
Apple just upped its bug bounty game to a whopping $2M for critical exploits, with potential payouts over $5M for bypassing Lockdown Mode. Suddenly, 'it works on my machine' isn't cutting it. My compiler just started whispering about early retirement. What's the wildest bug you've ever found (or dreamt of finding) that *isn't* worth millions?
https://www.engadget.com/big-tech/apple-doubles-its-biggest-bug-bounty-reward-to-2-million-102844667.html?src=rss
#AppleSecurity #BugBounty #DevLife #InfoSec #CyberSecurity -
Apple 'Account'? Remember when it was just an 'ID'? If you've ever found yourself locked out or just want to refresh your digital security, here's how to change your Apple password across all your devices and the web. Because who *hasn't* needed this at 3 AM?
Read more: https://www.engadget.com/computing/how-to-change-your-apple-account-password-120010992.html?src=rss
#AppleSecurity #PasswordTips #TechTips #Cybersecurity #DevLife
What's your go-to strategy for crafting and remembering truly strong passwords? -
Apple is introducing "Background Security Improvements" (BSI) in iOS 26 for silent, automatic security patches! 🔒 No more manual updates or interruptions, with potential reboot-free fixes and rollback options. A big step in seamless security! 🚀 #iOS26 #AppleSecurity #SilentUpdates https://www.heise.de/en/news/Security-updates-Silent-installation-in-future-iOS-versions-10668490.html
#newz -
Rumors su iOS 26.1: Apple starebbe testando Background Security Improvements, un sistema per patch di sicurezza silenziose, senza intervento dell'utente.
💡 Sostituirebbe Rapid Security Responses.
📱 Mantenere l'iPhone sicuro sarebbe più semplice. -
‘Memory Integrity Enforcement’ : el salto de seguridad del iPhone 17 en el que ha estado trabajando el departamento de Apple Security Research
#iPhone17 #iPhone17Pro #iPhoneAir #ciberseguridad #tech #AppleSecurity
https://mecambioamac.com/memory-integrity-enforcement-el-salto-de-seguridad-del-iphone-17/
-
Apple Enhances Crypto Wallet Safety on iPhone 17 with Memory Integrity Enforcement - TLDR:
Apple’s iPhone 17 debuts Memory Integrity Enforcement, boosting wallet signing saf... - https://blockonomi.com/apple-enhances-crypto-wallet-safety-on-iphone-17-with-memory-integrity-enforcement/ #memoryintegrityenforcement #spywareprotection #cryptosecurity #applesecurity #cryptowallets #walletsigning #technology #security #iphone17 #a19chip #apple
-
🚨 Microsoft reveals "Sploitlight" macOS flaw that bypassed Apple’s privacy controls, exposing sensitive Apple Intelligence and iCloud data like GPS, face recognition, and photo metadata! 📸📍 Apple patched it in macOS Sequoia 15.4—update now! 🔒 #macOS #AppleSecurity #Sploitlight #Privacy #newz
Read more: https://cyberinsider.com/sploitlight-flaw-in-macos-exposed-apple-intelligence-and-icloud-data/
-
That AirPlay/CarPlay security buzz? Apple patched its own devices fast. Risk is low: mainly outdated third-party gear on open Wi-Fi. Update everything, secure your network, and you're good. #AirPlay #AppleSecurity #TechSafety
-
🚨 Apple just patched CVE-2025-31200 in CoreAudio & CVE-2025-31201 in RPAC, both zero-day flaws exploited in targeted iOS attacks. Update to iOS 18.4.1, iPadOS 18.4.1, & macOS Sequoia 15.4.1 ASAP! 🔒 More info: https://cyberinsider.com/apple-fixes-two-new-zero-day-flaws-exploited-in-targeted-ios-attacks/ #AppleSecurity #ZeroDay #CyberSecurity 💻🛡️ #newz
-
Apple Patches 2 Exploited iOS Zero-Days in CoreAudio and RPAC
#Apple #iOS #AppleSecurity #iOSUpdate #ZeroDay #Cybersecurity #CoreAudio #ARM #AppleSilicon #PatchAlert #SecurityUpdate