Apple released two security reports on the issue on Wednesday, though they didn’t get much attention outside of tech publications. Apple’s explanation of the vulnerability means that a hacker could gain “full administrative access” to the device. This would allow attackers to impersonate the owner of the device and then run any software in their name, said Rachel Tobac, CEO of SocialProof Security. According to security reports, the vulnerabilities affected Apple’s WebKit, which is the engine that powers the Safari web browser and other browsers on iOS. and kernel, Apple’s basic computer operating system. Security experts have advised users to update the affected devices — iPhone6S and newer models. many iPad models, including 5th generation and later, all iPad Pro models and iPad Air 2. and Mac computers with MacOS Monterey. The flaw also affects some iPod models. Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, an anonymous researcher was cited. Commercial spyware companies, such as Israel’s NSO Group, are known for finding and exploiting such flaws, exploiting them in malware that secretly infects target smartphones, captures their contents, and tracks targets in real time. In July 2021, Apple released a similar security patch that said a flaw in its security design was “actively being exploited.” Again, an anonymous researcher was credited with the discovery. WATCHES | Why tech companies are ditching passwords to boost security:

Apple, Google and Microsoft want to do away with passwords to improve security

Tech giants Apple, Google and Microsoft have announced that they are working on implementing passwordless sign-in technology, allowing users to more securely sign in to mobile apps, desktop computers and browsers using their smartphones without a standard password. The NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists. Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple just patched. The company has previously acknowledged similarly serious flaws and, on what Strafach estimated to be perhaps a dozen times, has noted that it was aware of reports that such security holes had been exploited.

title: “Apple S Security Flaw Allows Hackers To Take Complete Control Of Iphones Ipads And Macs Klmat” ShowToc: true date: “2022-11-25” author: “Barbara Kinney”

Apple released two security reports on the issue on Wednesday, though they didn’t get much attention outside of tech publications. Apple’s explanation of the vulnerability means that a hacker could gain “full administrative access” to the device. This would allow attackers to impersonate the owner of the device and then run any software in their name, said Rachel Tobac, CEO of SocialProof Security. According to security reports, the vulnerabilities affected Apple’s WebKit, which is the engine that powers the Safari web browser and other browsers on iOS. and kernel, Apple’s basic computer operating system. Security experts have advised users to update the affected devices — iPhone6S and newer models. many iPad models, including 5th generation and later, all iPad Pro models and iPad Air 2. and Mac computers with MacOS Monterey. The flaw also affects some iPod models. Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, an anonymous researcher was cited. Commercial spyware companies, such as Israel’s NSO Group, are known for finding and exploiting such flaws, exploiting them in malware that secretly infects target smartphones, captures their contents, and tracks targets in real time. In July 2021, Apple released a similar security patch that said a flaw in its security design was “actively being exploited.” Again, an anonymous researcher was credited with the discovery. WATCHES | Why tech companies are ditching passwords to boost security:

Apple, Google and Microsoft want to do away with passwords to improve security

Tech giants Apple, Google and Microsoft have announced that they are working on implementing passwordless sign-in technology, allowing users to more securely sign in to mobile apps, desktop computers and browsers using their smartphones without a standard password. The NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists. Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple just patched. The company has previously acknowledged similarly serious flaws and, on what Strafach estimated to be perhaps a dozen times, has noted that it was aware of reports that such security holes had been exploited.

title: “Apple S Security Flaw Allows Hackers To Take Complete Control Of Iphones Ipads And Macs Klmat” ShowToc: true date: “2022-11-09” author: “Monica Everson”

Apple released two security reports on the issue on Wednesday, though they didn’t get much attention outside of tech publications. Apple’s explanation of the vulnerability means that a hacker could gain “full administrative access” to the device. This would allow attackers to impersonate the owner of the device and then run any software in their name, said Rachel Tobac, CEO of SocialProof Security. According to security reports, the vulnerabilities affected Apple’s WebKit, which is the engine that powers the Safari web browser and other browsers on iOS. and kernel, Apple’s basic computer operating system. Security experts have advised users to update the affected devices — iPhone6S and newer models. many iPad models, including 5th generation and later, all iPad Pro models and iPad Air 2. and Mac computers with MacOS Monterey. The flaw also affects some iPod models. Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, an anonymous researcher was cited. Commercial spyware companies, such as Israel’s NSO Group, are known for finding and exploiting such flaws, exploiting them in malware that secretly infects target smartphones, captures their contents, and tracks targets in real time. In July 2021, Apple released a similar security patch that said a flaw in its security design was “actively being exploited.” Again, an anonymous researcher was credited with the discovery. WATCHES | Why tech companies are ditching passwords to boost security:

Apple, Google and Microsoft want to do away with passwords to improve security

Tech giants Apple, Google and Microsoft have announced that they are working on implementing passwordless sign-in technology, allowing users to more securely sign in to mobile apps, desktop computers and browsers using their smartphones without a standard password. The NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists. Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple just patched. The company has previously acknowledged similarly serious flaws and, on what Strafach estimated to be perhaps a dozen times, has noted that it was aware of reports that such security holes had been exploited.

title: “Apple S Security Flaw Allows Hackers To Take Complete Control Of Iphones Ipads And Macs Klmat” ShowToc: true date: “2022-12-18” author: “Eugene Gibbs”

Apple released two security reports on the issue on Wednesday, though they didn’t get much attention outside of tech publications. Apple’s explanation of the vulnerability means that a hacker could gain “full administrative access” to the device. This would allow attackers to impersonate the owner of the device and then run any software in their name, said Rachel Tobac, CEO of SocialProof Security. According to security reports, the vulnerabilities affected Apple’s WebKit, which is the engine that powers the Safari web browser and other browsers on iOS. and kernel, Apple’s basic computer operating system. Security experts have advised users to update the affected devices — iPhone6S and newer models. many iPad models, including 5th generation and later, all iPad Pro models and iPad Air 2. and Mac computers with MacOS Monterey. The flaw also affects some iPod models. Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, an anonymous researcher was cited. Commercial spyware companies, such as Israel’s NSO Group, are known for finding and exploiting such flaws, exploiting them in malware that secretly infects target smartphones, captures their contents, and tracks targets in real time. In July 2021, Apple released a similar security patch that said a flaw in its security design was “actively being exploited.” Again, an anonymous researcher was credited with the discovery. WATCHES | Why tech companies are ditching passwords to boost security:

Apple, Google and Microsoft want to do away with passwords to improve security

Tech giants Apple, Google and Microsoft have announced that they are working on implementing passwordless sign-in technology, allowing users to more securely sign in to mobile apps, desktop computers and browsers using their smartphones without a standard password. The NSO Group has been blacklisted by the US Department of Commerce. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists. Security researcher Will Strafach said he hadn’t seen any technical analysis of the vulnerabilities Apple just patched. The company has previously acknowledged similarly serious flaws and, on what Strafach estimated to be perhaps a dozen times, has noted that it was aware of reports that such security holes had been exploited.