exploits – SSL and internet security news

Zero-Click Exploit in iPhones

September 13, 2023 infossl

apple, exploits, ios, iphone, Security technology, spyware, Uncategorized, vulnerabilities

Make sure you update your iPhones: Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect … Read More “Zero-Click Exploit in iPhones” »

Operation Triangulation: Zero-Click iPhone Malware

June 9, 2023 infossl

exploits, forensics, ios, iphone, malware, Security technology, Uncategorized

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to the device. The mvt-ios utility produces a sorted … Read More “Operation Triangulation: Zero-Click iPhone Malware” »

Zoom Exploit on MacOS

August 17, 2022 infossl

apple, exploits, privilege escalation, Security technology, Uncategorized, vulnerabilities

This vulnerability was reported to Zoom last December: The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application … Read More “Zoom Exploit on MacOS” »

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

December 20, 2021 infossl

Citizen Lab, cyberweapons, exploits, Security technology, spyware, Uncategorized

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We haven’t heard a lot about Cytrox and its Predator spyware. According to Citzen Lab: We conducted … Read More “More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers” »

Apple Sues NSO Group

November 24, 2021 infossl

apple, courts, exploits, Security technology, spyware, Uncategorized

Piling more on NSO Group’s legal troubles, Apple is suing it: The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. … Read More “Apple Sues NSO Group” »

MacOS Zero-Day Used against Hong Kong Activists

November 12, 2021 infossl

activism, apple, china, cybersecurity, exploits, google, hacking, Security technology, Uncategorized, zero-day

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article: Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised … Read More “MacOS Zero-Day Used against Hong Kong Activists” »

Hacking the Sony Playstation 5

November 10, 2021 infossl

exploits, gaming consoles, hacking, reverse engineering, Security technology, Uncategorized

I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming … Read More “Hacking the Sony Playstation 5” »

The Proliferation of Zero-days

September 24, 2021 infossl

china, exploits, hacking, Security technology, Uncategorized, zero-day

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards. At the … Read More “The Proliferation of Zero-days” »

Zero-Click iMessage Exploit

September 17, 2021 infossl

apple, exploits, patching, Security technology, spyware, Uncategorized, vulnerabilities

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit. Powered by WPeMatico

Zero-Click iPhone Exploits

September 1, 2021 infossl

apple, Citizen Lab, cyberweapons, exploits, iphone, malware, Security technology, Uncategorized

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they don’t require to victim to do anything, like click on a link or open a file. The victim receives a text message, and then they … Read More “Zero-Click iPhone Exploits” »