Saturday, November 23, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

MacOS

ComputerWorld Independent 

Researchers build a scary Mac attack using AI and sound

admin , , , ,

A UK research team based at Durham University has identified an exploit that could allow attackers to figure out what you type on your MacBook Pro — based on the sound each keyboard tap makes.

These kinds of attacks aren’t particularly new. The researchers found research dating back to the 1950s into using acoustics to identify what people write. They also note that the first paper detailing use of such an attack surface was written for the US National Security Agency (NSA) in 1972, prompting speculation such attacks may already be in place.

“(The) governmental origin of AS- CAs creates speculation that such an attack may already be possible on modern devices, but remains classified,” the researchers wrote.

To read this article in full, please click here

Read more
MalwareBytes Security 

[Updated] Apple issues Rapid Security Response for zero-day vulnerability

admin , , , , , , , , , ,

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: Safari

Tags: WebKit

Tags: macOS

Tags: iOS

Tags: iPadOs

Tags: CVE-2023-37450

Tags: drive-by

Tags: code execution

Apple has issued an update for a zero-day vulnerability in the WebKit browser engine which may be actively exploited.

(Read more…)

The post [Updated] Apple issues Rapid Security Response for zero-day vulnerability appeared first on Malwarebytes Labs.

Read more
MalwareBytes Security 

Apple issues Rapid Security Response for zero-day vulnerability

admin , , , , , , , , , ,

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: Safari

Tags: WebKit

Tags: macOS

Tags: iOS

Tags: iPadOs

Tags: CVE-2023-37450

Tags: drive-by

Tags: code execution

Apple has issued an update for a zero-day vulnerability in the WebKit browser engine which may be actively exploited.

(Read more…)

The post Apple issues Rapid Security Response for zero-day vulnerability appeared first on Malwarebytes Labs.

Read more
ComputerWorld Independent 

Apple's disappearing Rapid Security Response update (u)

admin , , , ,

Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.

That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Apple's disappearing Rapid Security Response update

admin , , , ,

Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.

That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.

To read this article in full, please click here

Read more
ComputerWorld Independent 

How and why to use FIDO Security Keys for Apple ID

admin , , , , , ,

In a world that needs Apple’s recently-improved Lockdown Mode to protect good people against bad ones, high-risk individuals should consider using physical security keys to protect their Apple ID.

What are Security Keys and what do they do?

Security keys are small devices that look a little like thumb drives. Apple at WWDC 2020 confirmed plans to support FIDO authentication beginning with iOS 14 and macOS 11; now, with the release of iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2, Apple lets you use them to verify your Apple ID, replacing a passcode. They become one of the two forms of identification you require with two-factor authentication (2FA).

To read this article in full, please click here

Read more
MalwareBytes Security 

Microsoft gives Apple a migraine

admin , , , , , , , , , , , ,

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: macOS

Tags: Ventura 13.4

Tags: Monterey 12.6.6

Tags: Big Sur 11.7.7

Tags: libxpc

Tags: SIP

Tags: XPC

Tags: NVRAM

Tags: CVE-2023-32369

Tags: Migraine

Microsoft has released details about a vulnerability that can bypass macOS’s System Integrity Protection

(Read more…)

The post Microsoft gives Apple a migraine appeared first on Malwarebytes Labs.

Read more
ComputerWorld Independent 

Addigy promises a fix for Apple devices stuck on OSUpdateScan

admin , , , ,

Enterprise admins handling fleets of Macs take note: there’s a new security management tool from Apple device management firm Addigy.

The MDM Watchdog Utility monitors the MDM framework on devices and automatically forces software patches to be installed if they’re not already in place. This is designed to help solve a specific problem in which some (not all) managed Macs do not properly install Apple’s Rapid Security Response updates.

When security isn’t

In today’s fast-moving threat environment, Apple has introduced Rapid Security Response (RSR) as a key front line against new threats. The defense is intended to be distributed and installed across Apple’s platforms as swiftly as possible once new threats are identified. The idea is that by expediting distribution and making installation a quicker process, it will be easier to maintain security across Mac fleets. That’s important as the scale of Apple deployments grows and enterprises move to support employee choice.

To read this article in full, please click here

Read more