iPhone, iPad and Mac users have been urged to install the patch as soon as possible to ensure they are not targeted by a hack that appears to have already been used on some people. The risk of such a vulnerability is high, even if the patch is simple. And its effects could be devastating, even if most people would never know it existed. It’s the latest major flare-up in an ongoing battle for control and access to iPhones. On one side are the hackers – often employed by governments – who are constantly looking for a way to get into the device. On the other are Apple, security experts and iPhone owners themselves. It’s far from the first time Apple has released an emergency security update of this kind. But the latest is less common, as Apple revealed that it could have already been exploited – there have only been a handful of examples of such attacks throughout the iPhone’s history. There will, however, almost certainly be more. Any device connected to the Internet is a potential target for hackers, and there is never such a thing as perfect security forever. However, for most, the fix is pretty simple: users can download and install the update, which fixes the vulnerability, and be back to being as secure as they can be. But for Apple and its most high-risk customers, this is just the latest in an ongoing battle to try to keep users safe. For the hackers themselves, it is a rare and valuable success in this struggle. Hackers are constantly looking for bugs like this so they can be sold. Probably the most famous example is Pegasus, a piece of spyware believed to have been used by many governments that allows access to iPhones – so hackers can read people’s messages, track their location, and listen and monitor via their microphone and camera. Such powerful software was only possible because there is a whole market for finding such bugs.
If a hacker finds a major problem like the one addressed in the new software update, they have the option of selling it to spyware companies – those spyware companies can then weaponize it and sell it to organizations like nation states, which are in a position to deploy it on dissidents or other enemies. To try to counter this market for vulnerabilities, tech companies are offering “bug bounties” – payments aimed at incentivizing security researchers to hand over any bugs to the companies responsible, rather than selling them to people who aim to use them for attacks in cyberspace. In the past, Apple has been criticized for both the value and effectiveness of its bug bounty program, with researchers arguing that more should be given and that problems are not tracked quickly enough. But Apple is offering a significant amount of money for bugs: ranging from $100,000 for finding a way around the iPhone’s lock screen or getting iCloud account data, up to $1 million for the most profound bugs, which let people get into the deepest parts of the phone without even touching it. Apple’s list of security updates makes it clear how often these problems are found and how damaging they can be. The most recent update was released on Wednesday and was credited to an anonymous researcher – who will likely have made a significant amount of money from finding it – but before that a critical security update was issued almost once a month in 2022. It can be hard to know how significant these attacks are, precisely because Apple and other tech companies keep this information secret to ensure it can’t be used. If Apple were to reveal the nature of the attack, it could also give hackers an idea of how to use it. “To protect our customers, Apple does not disclose, discuss or confirm security issues until an investigation is conducted and patches or releases are generally available,” it writes on its website.
It is also a provision of the bug bounty program that hackers should not talk about the problem until it is addressed. Even with these updates, however, the iPhone cannot remain completely secure. Hackers are always looking for ways to break into devices, and sometimes they find them. No device can be completely secure, something even Apple itself has acknowledged in its updates. Last month, Apple announced the introduction of “Lockdown Mode”. Its existence is a recognition of the fact that there will always be some tension between useful functions in phones and absolute security, and that there is not always a way to have both. When a user activates this feature, it makes it clear that the phone “won’t work as usual”. It also makes it clear that it is intended only for those who are likely to be personally targeted by such attacks. “Lockdown mode is an extreme, optional protection that should only be used if you believe you may be personally targeted by a highly sophisticated cyberattack,” it states. “Most people are never the target of this kind of attack.” Apple hasn’t given any explicit guidance on who should consider themselves the kind of high-risk user who should enable the feature. But it did suggest that anyone in that group would already know. If you have no reason to suspect that you might fall victim to such a hack, then you probably won’t. That’s partly because exploiting such vulnerabilities often also means alerting companies and security experts that they exist, which in turn can mean they might be patched. The powerful Pegasus spyware, for example, was found when attackers tried to use it on a human rights activist. The very fact of using an exploit means it becomes weaker, so exploits are generally only used on high-profile targets that are worth the risk. Using such attacks is also hard work, and not the kind that can be done en masse.
Phones are usually jailbroken with a suspicious link or file, for example, which must be sent specifically to a user who must then open it. None of this is to say that the risk isn’t significant to someone who doesn’t consider themselves high-risk, however. Security experts urge users to install updates as they become available. “While the vulnerability could allow threat actors to take full control of a device, stay calm and simply take control of your devices and download software updates available from Apple,” said Sam Curry, chief security officer at Cybereason. “Do it and move on.”
title: “Apple Vulnerability The Emergency Update Is Just The Latest In A Battle Between Iphone Owners And Hackers Klmat” ShowToc: true date: “2022-11-27” author: “Patrick Mason”