Displaying items by tag: Apple

Remember the iMessage flaw that allowed for a zero click installation of malware? You know, the one that was discovered by Russian cybersecurity firm Kaspersky which was allegedly targeting Russian Apple devices? The one that Russia said was a US cyber op? Yeah, that one. Well, it seems that Apple has rolled out a patch for this flaw which was part of an operation dubbed Triangulation with the backdoor actually being called TriangleBD.

There is a new bit of malware targeting iOS users via iMessage from what appears to be a new APT (Advanced Persistent Threat) group. The campaign appears to have been in play since some time in 2019. The malware, according to researchers, leverages iMessage to send the targeted user an attachment that then runs with Root Privileges on the device. The result is a complete takeover of the device in question.

Apple’s System Integrity Protocol (SIP) has been something of a mix bag when it comes to security. It is a great feature from a raw and basic security viewpoint, but the same feature also has created challenges for the installation of third-party anti-malware and other security tools since its launch. All that aside, Microsoft, of all people, has shared details on a vulnerability that can be used by attackers to completely bypass the protections that SIP is supposed to offer.

Apple has rushed to release patches for CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 all of which are in the WebKit Browser engine and across all Apple platforms (IOS, IpadOS and macOS). These three flaws have also been seen to be actively exploited in the wild. This increases the significance of them and should be remediated as soon as possible by applying any available patches.

After learning that there were malicious ads containing links to ChatGPT apps (for Windows), Apple launched a legitimate app for IOS. The app brings the very popular LLM to Apple users at a time when some are becoming more hesitant about its use. It has not been that long since Samsung accidentally leaked confidential information via the platform. This prompted both Microsoft (a heavy investor) and OpenAI themselves to start work on private environments where data put into the model is not used to train it.

I’ll take stupid features for $500 Alex. It seems that Apple is looking to deploy a feature that would allow your phone to sound and reply just like you do. The feature called “Personal Voice” uses a form of AI to replicate the sound and speech pattern of your voice in as little as 15 minutes (queue GEICO joke here). The feature is part of an update to their built-in accessibility features toolkit and on the surface is intended to help people that have speech challenges. Personal Voice can be used for in-person conversations and via phone calls. This feature will be tied to something called Live Speech which allows someone to type in messages and have them spoken by your phone.

Two new variants of Cobalt Strike written in Ggoogle’s Golang have popped up on the wild internet. According to SentinelOne, this new flavor is set up to target macOS systems. They have also noted that this new beacon (called Geacon) has been popping up on malware review sites like Virus Total in the past few months. The new detections could be part of red-teaming exercises, but the increase seems to indicate that real-world malicious activity is also part of the surge in detections.

A couple of weeks ago Meta, Facebook’s parent company, announced that they were losing money (to the tune of $10 Billion) due to changes in the way Apple mobile devices handle user tracking by apps. The move by Apple was a bit of a surprise considering some of Apple’s history, but when you consider that Apple and Meta will probably be VR competitors it was not that much of one. The announcement also caused many to wonder if Google would follow suit.

Yesterday Apple released several patches for their different operating systems. One that we have talked about before is a core bug in Apple’s WebKit based Safari. This bug could potentially leak personal information regardless of the privacy settings you had enabled. In macOS you could always change to another browser that was not WebKit based. On iOS, iPadOS, watchOS and other app store locked devices there was no option as Apple requires every browser to use WebKit for its render engine.

When you are hunting, finding out where your target frequents and laying in wait is an often-used tactic. If your information is good, you are going to have a successful hunt. The same is true in cybersecurity, both from an attacker and researcher perspective. These attacks are called watering hole attacks. You are looking for your intended target to come and “take a drink” so you can spring your trap.