Researchers detail GoFetch, a new side-channel attack impacting Apple CPUs that could allow an attacker to obtain secret keys. The post New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys appeared first on SecurityWeek.
...moreSummary
Total Articles Found: 14
Top sources:
Top Keywords:
- Apple: 14
- Security: 5
- iPhone: 4
- Breaking News: 3
- Hacking: 3
Top Authors
- Bruce Schneier: 4
- Pierluigi Paganini: 3
- Lawrence Abrams: 2
- Eduard Kovacs: 1
- Boris Larin: 1
Top Articles:
- Operation Triangulation: The last (hardware) mystery
- 10% of All Macs Shlayered, Malware Cocktail Served
- Apple emergency update fixes zero-day used to hack Macs, Watches
- Apple fixes SUDO root privilege escalation flaw in macOS
- Cellebrite Claims It Can Unlock Any iPhone
- FBI asks Apple to help it unlock iPhones of naval base shooter
- Apple Adds a Backdoor to iMesssage and iCloud Storage
- Apple emergency security updates fix two new iOS zero-days
- PACMAN, a new attack technique against Apple M1 CPUs
- Apple fixes the sixth zero-day since the beginning of 2022
New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys
Published: 2024-03-22 10:42:36
Popularity: 16
Author: Eduard Kovacs
Keywords:
Apple emergency security updates fix two new iOS zero-days
Published: 2024-03-05 22:33:24
Popularity: 49
Author: Pierluigi Paganini
Keywords:
Apple released emergency security updates to address two new iOS zero-day vulnerabilities actively exploited in the wild against iPhone users. Apple released emergency security updates to address two iOS zero-day vulnerabilities, respectively tracked as CVE-2024-23225 and CVE-2024-23296, that were exploited in attacks against iPhone devices. CVE-2024-23225 is a Kernel memory corruption flaw, the company addressed it […]
...moreOperation Triangulation: The last (hardware) mystery
Published: 2023-12-27 14:00:43
Popularity: 2485
Author: Boris Larin
Keywords:
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
...morePACMAN, a new attack technique against Apple M1 CPUs
Published: 2022-06-11 13:34:12
Popularity: 48
Author: Pierluigi Paganini
Keywords:
PACMAN is a new attack technique demonstrated against Apple M1 processor chipsets that could be used to hack macOS systems. PACMAN is a novel hardware attack technique that can allow attackers to bypass Pointer Authentication (PAC) on the Apple M1 CPU. The pointer authentication codes (PACs) allow to detect and guard against unexpected changes to pointers in memory. […] The post PACMAN, a new attack technique against Apple M1 CPUs appeared first on Security Affairs.
...moreApple emergency update fixes zero-day used to hack Macs, Watches
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...]
...moreApple fixes the sixth zero-day since the beginning of 2022
Published: 2022-05-16 20:27:49
Popularity: 26
Author: Pierluigi Paganini
Keywords:
Apple released security updates to address a zero-day bug actively exploited in attacks against Macs and Apple Watch devices. Apple has addressed a zero-day vulnerability, tracked as CVE-2022-22675, actively exploited in attacks aimed at Macs and Apple Watch devices. The flaw is an out-of-bounds write issue that resides in the AppleAVD, it can lead to […] The post Apple fixes the sixth zero-day since the beginning of 2022 appeared first on Security Affairs.
...moreZero-Click iMessage Exploit
Published: 2021-09-17 11:09:27
Popularity: 13
Author: Bruce Schneier
Keywords:
LLM Says: "Sneaky hack"
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit.
...moreApple Adds a Backdoor to iMesssage and iCloud Storage
Published: 2021-08-10 11:37:30
Popularity: 56
Author: Bruce Schneier
Keywords:
LLM Says: ""Surveillance mode activated""
Apple’s announcement that it’s going to start scanning photos for child abuse material is a big deal. (Here are five news stories.) I have been following the details, and discussing it in several different email lists. I don’t have time right now to delve into the details, but wanted to post something. EFF writes: There are two main features that the company is planning to install in every Apple device. One is a scanning feature that will scan all photos as they get uploaded into iCloud Photos to see if they match a photo in the database of known child sexual abuse material (CSAM) maintained by the National Center for Missing & Exploited Children (NCMEC). The other feature scans all iMessage images sent or received by child accounts — that is, accounts designated as owned by a minor — for sexually explicit material, and if the child is young enough, notifies the parent when these images are sent or received. This feature can be turned on or off by parents...
...moreApple’s search for child abuse imagery raises serious privacy questions
Published: 2021-08-06 21:10:54
Popularity: 7
Author: Thomas Reed
Keywords:
iMessage content, and photos sent to iCloud are going to be monitored for child sexual abuse material. Is it a great move, or a dangerous slide away from privacy? Categories: Malwarebytes news Tags: AppleCSAMicloudiOSiPadOSiPhone (Read more...) The post Apple’s search for child abuse imagery raises serious privacy questions appeared first on Malwarebytes Labs.
...moreApple Will Offer Onion Routing for iCloud/Safari Users
Published: 2021-06-22 11:54:09
Popularity: 9
Author: Bruce Schneier
Keywords:
LLM Says: "Torified Safari"
At this year’s Apple Worldwide Developer Conference, Apple announced something called “iCloud Private Relay.” That’s basically its private version of onion routing, which is what Tor does. Privacy Relay is built into both the forthcoming iOS and MacOS versions, but it will only work if you’re an iCloud Plus subscriber and you have it enabled from within your iCloud settings. Once it’s enabled and you open Safari to browse, Private Relay splits up two pieces of information that — when delivered to websites together as normal — could quickly identify you. Those are your IP address (who and exactly where you are) and your DNS request (the address of the website you want, in numeric form)...
...moreApple fixes SUDO root privilege escalation flaw in macOS
Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges. [...]
...more10% of All Macs Shlayered, Malware Cocktail Served
Many people think that malware only targets Windows and that Macs are safe, but a new report shows how a single Apple malware called Shlayer has attacked over 10% of all Apple computers monitored by an antivirus company. [...]
...moreFBI asks Apple to help it unlock iPhones of naval base shooter
Published: 2020-01-09 11:41:31
Popularity: 188
Author: Lisa Vaas
Keywords:
This could signal a renewed war between Apple and law enforcement over breaking encryption.
...moreCellebrite Claims It Can Unlock Any iPhone
Published: 2019-06-28 11:35:40
Popularity: 214
Author: Bruce Schneier
Keywords:
LLM Says: ""Cracked Wide Open""
The digital forensics company Cellebrite now claims it can unlock any iPhone. I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. It's all of us that need to know....
...more