This week Apple released updates to most of its operating systems and the macOS version of the Safari browser. Here’s a brief rundown of the security fixes included with each update as well as some of the non-security changes.iOS 14.0 and iPadOS 14.0Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0iOS 14.0 and iPadOS 14.0 are now available and address the following:AppleAVDAvailable for: iPhone 6s and later, iPod touch 7th generation, iPadAir 2 and later, and iPad mini 4 and laterImpact: An application may be able to cause unexpected systemtermination or write

Apple has patched nearly a dozen vulnerabilities and it has introduced new privacy features with the release of iOS 14 and iPadOS 14 this week.Each of the addressed security flaws impacts a different component of the operating system, namely AppleAVD, Assets, Icons, IDE Device Support, IOSurfaceAccelerator, Keyboard, Model I/O, Phone, Sandbox, Siri, and WebK

With the release of iOS 14, Apple has introduced a new feature that warns users when their stored passwords have been compromised in data breaches.iOS includes the Keychain password manager that allows users to save credentials and automatically fill them into login forms on sites and apps.The password manager can be found under Settings > Passw

You probably know how important it is to back up your data, and there are a number of different backup options for Mac.But it’s also important to back up your iPhone or iPad. While you may not have a lot of documents on these devices that aren’t stored on a cloud server—which you can easily retrieve if necessary—you are likely to have photos and

Microsoft is bringing a popular Apple iOS feature to Windows 10 that allows you to control your cursor by pressing and holding the spacebar while moving your finger.Since iOS 12, you can hold and press the spacebar and then move your finger around to control the text input cursor, as shown in the video below.With the release of Windows 10 preview build 20206

In macOS Mojave, Apple introduced the concept of notarization, a process that developers can go through to ensure that their software is malware-free (and must go through for their software to run on macOS Catalina). This is meant to be another layer in Apple’s protection against malware. Unfortunately, it’s starting to look like notarization may

Cisco warns that threat actors are attempting to exploit a high severity DoS flaw in its Cisco IOS XR software that runs on carrier-grade routers. Cisco warned over the weekend that attackers are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability (CVE-2020-3566) affecting the Cisco IOS XR Network OS that ru

Yesterday, a very interesting article was published on the MISP blog by my friend Koen about a solution to monitor a MISP instance with Cacti. Monitoring your threat intelligence platform is always a good idea because many other tools depend on it. You can feed other tools with MISP data and, if MISP is not running, you will probably break your detection cap

Experts at security firm Snyk discovered a malicious behavior in an advertising SDK that is used in more than 1,200 iOS apps available in the Apple App Store. Experts at security firm Snyk discovered a malicious behavior in the advertising SDK SourMint developed by Mintegral, a China-based mobile advertising platform provider. The Mintegral SDK is adverti

Researchers at developer security company Snyk claim to have identified malicious behavior in an advertising SDK that is present in more than 1,200 iOS applications offered in the Apple App Store.The SDK has been developed by Mintegral, a China-based mobile advertising platform provider that has offices in the United States, Europe and Asia. Snyk says it has

### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote Rank = GoodRanking include Msf::Post::File include Msf::Exploit::Remote::HttpServer::HTML def initialize(info = {}) super( update_info( info, 'Nam

New iOS privacy features require developers to disclose what data they're collecting, how they're using it, and with whom they share it.In 2012, the National Telecommunications and Information Administration (NTIA) convened a series of meetings that were intended to develop a legally enforceable code of conduct to provide transparency in how companies provid

# Exploit Title: RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)# Author: Luis Martinez# Discovery Date: 2020-08-03# Vendor Homepage: https://appadvice.com/app/rtsp-viewer/1056996189# Software Link: App Store for iOS devices# Tested Version: 1.0# Vulnerability Type: Denial of Service (DoS) Local# Tested on OS: iPhone 7 iOS 13.5.1# Steps to

# Exploit Title: Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service (PoC)# Discovery by: Luis Martinez# Discovery Date: 2020-08-03# Vendor Homepage: https://apps.apple.com/us/app/telnet-lite/id286893976# Software Link: App Store for iOS devices# Tested Version: 4.2# Vulnerability Type: Denial of Service (DoS) Local# Tested on OS: iPhone 7 iOS