CyberSecurity news

FlagThis - #apple

MSSP Alert@MSSP feed for Latest //
Apple has issued critical security updates for iOS 18.3.2 and iPadOS 18.3.2, addressing an actively exploited WebKit vulnerability identified as CVE-2025-24201. This flaw allowed cybercriminals to use maliciously crafted web content to bypass the Web Content sandbox. The update is available for iPhone XS and later, multiple iPad Pro models, iPad Air (3rd generation and later) and iPad mini (5th generation and later).

Users are urged to update their devices promptly by navigating to Settings > General > Software Update. Security experts emphasize the importance of these patches, noting that failure to update leaves devices vulnerable to compromise. According to Adam Boynton, senior security strategy manager EMEIA at Jamf, keeping devices up to date is essential. He also stated that this particular flaw allowed attackers to access data in other parts of the operating system.

Recommended read:
References :
  • The DefendOps Diaries: Apple's Swift Response to WebKit Zero-Day Vulnerability: CVE-2025-24201
  • BleepingComputer: Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
  • securityaffairs.com: Apple fixed the third actively exploited zero-day of 2025
  • CyberInsider: Apple Patches Zero-Day Flaw Used in Targeted iPhone Attacks
  • Threats | CyberScoop: Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of WebKit’s Web Content sandbox, potentially leading to unauthorized actions.
  • techcrunch.com: The flaw was in the browser engine WebKit, used by Safari and other apps.
  • bsky.app: Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks.
  • infosec.exchange: NEW: Apple patched a zero-day in WebKit that “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” This is the second time, AFAICT, that Apple uses the "extremely sophisticated" phrase for a patched bug.
  • The Hacker News: Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
  • www.csoonline.com: Apple patches zero-day bugs used in targeted iPhone attacks
  • Blog: FieldEffect blog post on apple-emergency-update-extremely-sophisticated-zero-day.
  • www.infosecurity-magazine.com: iOS 18.3.2 Patches Actively Exploited WebKit Vulnerability
  • MSSP feed for Latest: Apple Addresses Actively-Exploited Zero-Day In WebKit Browser Engine
  • Malwarebytes: Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”
  • SOC Prime Blog: CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks
  • bsky.app: Apple pushed additional updates for a zero-day that may have been actively exploited.
  • ApplSec: Apple pushed updates for a new zero-day that may have been actively exploited.
  • iThinkDifferent: iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and visionOS 2.3.2 released with critical WebKit security fix
  • www.zdnet.com: Apple is patching a vulnerability in iPhones and iPads that could be exploited in "extremely sophisticated" attacks. The vulnerability, dubbed CVE-2025-24201, was found in , Apple's open-source framework that helps render pages in Safari, Mail, App Store, and other apps. It
  • bsky.app: 📣 EMERGENCY UPDATE 📣 Apple pushed updates for a new zero-day that may have been actively exploited. 🐛 CVE-2025-24201 (WebKit): - iOS and iPadOS 18.3.2 - macOS Sequoia 15.3.2 - visionOS 2.3.2 #apple #infosec
  • Rescana: Apple Urgently Patches CVE-2025-24201 Zero-Day in iOS, iPadOS, macOS, visionOS, and Safari amid Attacks
  • PCMag UK security: Update Now: Apple Rolls Out Fix for 'Extremely Sophisticated' Zero-Day Bug
  • eWEEK: Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in “extremely sophisticated” cyber attacks.

Bruce Schneier@Schneier on Security //
The UK government has reportedly ordered Apple to create a backdoor for accessing end-to-end encrypted data in iCloud. This demand, made under the Investigatory Powers Act, seeks blanket access to all encrypted content, not just specific accounts. The law, known as the "Snoopers' Charter," prohibits Apple from even revealing the demand.

The Washington Post reported that the UK government served Apple with a “technical capability notice” requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This has caused alarm among privacy advocates and tech experts, many of whom see it as an emergency. Experts warn that complying with the order could weaken user trust and expose sensitive data to misuse; a backdoor built for the government also puts everyone at greater risk of hacking, identity theft, and fraud. It is being reported that Apple is likely to turn the feature off for UK users rather than break it for everyone worldwide.

Recommended read:
References :
  • Casey Newton: Reports on Apple's potential response to the UK's demand to access encrypted iCloud data.
  • jonnyevans: UK orders Apple to let it access everyone’s encrypted data
  • Tao of Mac: UK Government Orders Apple to Create Global iCloud Encryption Backdoor
  • Deeplinks: The Electronic Frontier Foundation (EFF) strongly opposes the UK's demand, emphasizing that weakening encryption undermines privacy and security.
  • Schneier on Security: The Washington Post is that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and something we in the security community have worried was coming for a while now. The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand.
  • www.macrumors.com: UK Government Orders Apple to Create Global iCloud Encryption Backdoor
  • gbhackers.com: UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access
  • techcrunch.com: UK government demands Apple backdoor to encrypted cloud data report
  • CyberInsider: U.K. Secretly Ordered Apple to Create Encryption Backdoor
  • Carly Page: Government officials in the UK have reportedly ordered Apple to build a backdoor that would give its authorities access to users’ encrypted iCloud data. Apple will likely stop offering its encrypted cloud storage offering, Advanced Data Protection, to users in the country
  • tomas-svojanovsky.medium.com: The UK’s Secret Demand for an Apple Backdoor: What It Means for Your Privacy and Apple’s Encryption Battle
  • cyberinsider.com: U.K. Secretly Ordered Apple to Create Encryption Backdoor
  • 9to5Mac: It’s being reported that the British government secretly ordered to create a backdoor into all content uploaded by users anywhere in the world.
  • The Register - Security: UK Home Office silent on alleged Apple backdoor order
  • Matthew Green: Let’s be clear about what this article is saying. The U.K. has a law that allows it to issue “technical capability notices” to companies. These notices require the company to effectively disable, or secretly backdoor, their encryption mechanisms.
  • Matthew Green: The U.K. may be preparing to issue Apple an order that forces them to (secretly) disable encryption.
  • 9to5mac.com: 9to5Mac reports on the UK government's secret order for Apple to create a worldwide iCloud backdoor.
  • Six Colors: This article discusses the implications of the UK government's order for Apple to implement a backdoor for end-to-end encryption.
  • The Internet Review: This article discusses the UK government's mandate for Apple to create a global iCloud encryption backdoor.
  • Open Rights Group: UK government seeks to break encryption in secret, with minimal accountability and potentially global impacts. They're failing in their primary duty to protect British citizens in a world where cybersecurity threats are increasing. Privacy = security. We must protect encryption!
  • Anonymous: It will affect users around the world: The UK's demands for Apple to break encryption is an emergency for us all. Weakening encryption violates human rights!
  • arstechnica.com: The UK demands Apple break encryption to allow gov’t spying worldwide, reports say Apple last year opposed UK's secret notices demanding encryption backdoors.
  • CCC: It will affect users around the world: The UK's demands for Apple to break encryption is an emergency for us all. Weakening encryption violates human rights!
  • Metacurity: UK government demands Apple create an encrypted cloud backdoor
  • www.computerworld.com: UK orders Apple to let it access everyone’s encrypted data
  • Anonymous: Government officials in the UK have reportedly ordered Apple to build a backdoor that would give its authorities access to users’ encrypted iCloud data.
  • Ars Technica: UK demands Apple break encryption to allow gov’t spying worldwide, reports say Apple last year opposed UK's secret notices demanding encryption backdoors.
  • www.bbc.co.uk: The UK government seeks to break encryption in secret, with minimal accountability and potentially global impacts. They're failing in their primary duty to protect British citizens in a world where cybersecurity threats are increasing. Privacy = security. We must protect encryption!
  • Mark Nottingham: What can Apple do in the face of a UK order to weaken encryption worldwide? Decentralise iCloud, to start.
  • @PrivacyMatters: Mastodon post on the UK demanding Apple to create a backdoor to access all iCloud content.
  • securityaffairs.com: UK Gov demands backdoor to access Apple iCloud backups worldwide
  • techcrunch.com: The UK government's secret demands for backdoor access to encrypted iCloud accounts is a "global emergency", critics have warned
  • The Tuta Blog: Tuta.com: Apple to backdoor encryption? Round 2
  • www.cybersecurity-insiders.com: UK Home Office Seeks Access to Apple iCloud Accounts
  • SecureWorld News: A secret order issued by the United Kingdom's government is sparking global alarm among privacy advocates and cybersecurity experts.
  • Carly Page: The UK government's secret demands for backdoor access to encrypted iCloud accounts is a "global emergency", critics have warned
  • www.cybersecurity-insiders.com: CyberSecurity Insiders article about details on Home Office Apple iCloud access
  • securityboulevard.com: UK Is Ordering Apple to Break Its Own Encryption
  • securityboulevard.com: The United Kingdom has made a bold demand to Apple, purporting to require the company to create a backdoor to access encrypted cloud backups of all users worldwide.
  • blog.cryptographyengineering.com: U.K. asks to backdoor iCloud Backup encryption
  • www.helpnetsecurity.com: The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance
  • www.scworld.com: Reported UK-ordered iCloud encryption backdoor slammed
  • Freedom of the Press: social.freedom.press topic about how officials issued a secret order to Apple to create a backdoor for “blanket” access to encrypted data on its iCloud service for users worldwide.
  • freedom.press: 📩 U.K. officials issued a secret order to Apple to create a backdoor for “blanket” access to encrypted data on its iCloud service for users worldwide. Read about how to protect yourself in our digital security newsletter (and subscribe):
  • Help Net Security: The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance

Iain Thomson@The Register //
Apple has issued emergency security updates to address a zero-day vulnerability that was actively exploited in what the company describes as "extremely sophisticated" attacks targeting specific individuals. The vulnerability allowed attackers to disable USB Restricted Mode on locked iPhones and iPads, potentially enabling unauthorized data access. Apple's use of the term "extremely sophisticated" suggests a high level of complexity and targeted nature of these attacks.

The updates, released for iOS 18.3.1 and iPadOS 18.3.1, fix a flaw that allowed the disabling of USB Restricted Mode on a locked device. This security feature, introduced in 2018, blocks data transfer over USB if the device remains unlocked for seven days. The vulnerability was discovered by Bill Marczak from the Citizen Lab, who declined to comment further. While the identity of the attackers and their targets remains unknown, the case highlights the importance of swiftly updating devices and raises concerns about the potential misuse of forensic tools to exploit such vulnerabilities.

Recommended read:
References :
  • cyberinsider.com: CyberInsider article on Apple Patches Zero-Day Exploit Targeting Locked iPhones
  • infosec.exchange: NEW: Apple released a fix for a zero-day bug for iOS and iPadOS that “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” AFAIK this is the first time Apple uses "extremely sophisticated attack" in an official release. At this point, we don't know who abused the flaw, nor against whom.
  • techcrunch.com: NEW: Apple has released updates for iPhone and iPad to fix a bug that Apple says was used in an "extremely sophisticated attack" against certain individuals.
  • PCMag UK security: Apple Patches 'Extremely Sophisticated Attack' That Can Hit iPhones
  • securityaffairs.com: SecurityAffairs article on iPhone and iPad bug exploited in sophisticated attacks
  • The Register - Security: Apple warns 'extremely sophisticated attack' may be targeting iThings
  • cyble.com: The Cyber Security Agency of Singapore (CSA) has recently issued a regarding the active exploitation of a zero-day vulnerability in a range of Apple products. This critical is being actively targeted, and Apple has released timely security updates to address the issue.
  • Zack Whittaker: Apple has released updates for iPhone and iPad to fix a bug that Apple says was used in an "extremely sophisticated attack" against certain individuals. According to the release, the attack may need physical access to a device.
  • TidBITS: Apple has released iOS 18.3.1 and iPadOS 18.3.1 to patch a vulnerability that disables USB Restricted Mode. While the risk is low for most users, high-profile targets like activists and journalists should update immediately.
  • thecyberexpress.com: The Cyber Express: Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
  • cyble.com: Apple issues an urgent security advisory for iOS and iPadOS vulnerabilities
  • support.apple.com: APPLE-SA-02-10-2025-1 iOS 18.3.1 and iPadOS 18.3.1
  • www.pcmag.com: News about Apple patching an extremely sophisticated attack that can hit iPhones.
  • readwrite.com: Apple releases iOS 18.3.1 to update security flaw in ‘sophisticated attack’
  • arstechnica.com: Updates may also re-enable Apple Intelligence for those who turned it off.
  • www.engadget.com: A new iPhone update patches a flaw that could allow an attacker to turn off a nearly seven-year-old .
  • Ars OpenForum: Updates may also re-enable Apple Intelligence for those who turned it off.
  • www.scworld.com: Such a vulnerability — which was discovered and reported by the University of Toronto Munk School of Global Affairs' The Citizen Lab — affects iPhone XS and later, iPad 7th generation and later, iPad mini 5th generation and later, all iPad Pro 11-inch generations, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd gen and later, and iPad Air 3rd generation and later.

MalBot@malware.news //
Check Point Research has identified a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cyber criminals that targets macOS users. This updated version of the Banshee stealer uses the same string encryption algorithm as Apple's XProtect antivirus engine, allowing it to evade detection. The stealer operates as a 'stealer-as-a-service' and is used to steal browser credentials, cryptocurrency wallets, user passwords, and sensitive file data. It was initially distributed through malicious GitHub repositories and phishing websites which also targeted Windows users with Lumma Stealer.

The Banshee malware has seen a number of changes, with its original source code being leaked on underground forums, which ultimately led to the author shutting down their operations. Despite the shutdown, threat actors continue to distribute this new version of Banshee via phishing websites. The malware is designed to infiltrate macOS systems by using anti-analysis methods to evade debugging tools and antivirus engines by blending into legitimate processes. It has the ability to compromise cryptocurrency wallets, steal sensitive data, and deceive users with fake pop-ups to reveal their passwords.

Recommended read:
References :
  • ciso2ciso.com: New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices – Source: www.infosecurity-magazine.com
  • malware.news: Industrial router zero-day leveraged by new Mirai-based botnet
  • www.scworld.com: Industrial router zero-day leveraged by new Mirai-based botnet
  • gbhackers.com: Mirai Botnet Variant Exploits Zero-Day Vulnerabilities in Routers
  • securityonline.info: “Gayfemboy” Botnet Leveraging 0-Day Exploit in Four-Faith Industrial Routers
  • Check Point Research: Since September, Check Point Research has been monitoring a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cyber criminals targeting macOS users.
  • malware.news: Banshee: The Stealer That “Stole Code” From MacOS XProtect
  • research.checkpoint.com: Banshee: The Stealer That “Stole Code” From MacOS XProtect
  • securityonline.info: Malware Alert: Banshee Stealer Targets macOS Users
  • www.bleepingcomputer.com: Banshee stealer evades detection using Apple XProtect encryption algo
  • www.sentinelone.com: Banshee: The Stealer That “Stole Code” From MacOS XProtect
  • Thomas Roccia: 🧐 CheckPoint recently released a macOS malware analysis report about the Banshee Stealer!
  • it-online.co.za: Banshee Stealer targets macOS users
  • ciso2ciso.com: Banshee 2.0 Malware Steals Apple’s Encryption to Hide on Macs – Source: www.darkreading.com
  • securityaffairs.com: Banshee macOS stealer supports new evasion mechanisms
  • 9to5Mac: Security Bite: macOS malware ‘Banshee’ found using Apple’s own code to evade detection
  • 9to5mac.com: Security Bite: macOS malware ‘Banshee’ found using Apple’s own code to evade detection
  • ciso2ciso.com: Banshee Stealer Hits macOS Users via Fake GitHub Repositories – Source:hackread.com
  • Latest from TechRadar: This devious macOS malware is evading capture by using Apple's own encryption
  • Pyrzout: Banshee 2.0 Malware Steals Apple’s Encryption to Hide on Macs – Source: www.darkreading.com
  • ciso2ciso.com: Malware targets Mac users by using Apple’s security tool – Source: www.csoonline.com

@techcrunch.com //
Apple has ceased offering its Advanced Data Protection (ADP) feature for iCloud users in the United Kingdom. This decision follows a reported demand from the UK government for a backdoor that would grant authorities access to encrypted user data. ADP provided end-to-end encryption, ensuring that only the user could decrypt their data stored in iCloud. Apple confirmed that this security feature will no longer be available to new users, and existing UK users will eventually need to disable it.

Apple stated it was "gravely disappointed" that ADP protections would be unavailable in the UK, especially considering the increasing data breaches and threats to customer privacy. The company emphasized the growing need for enhanced cloud storage security with end-to-end encryption. This move highlights a conflict between government surveillance and user privacy, as security experts warn this demand could set a precedent for authoritarian countries. James Baker from Open Rights Group said, "The Home Office’s actions have deprived millions of Britons from accessing a security feature. As a result, British citizens will be at higher risk."

Recommended read:
References :
  • techcrunch.com: Apple has disabled its iCloud Advanced Data Protection feature for UK users after government demands for a backdoor.
  • securityaffairs.com: The article discusses Apple's decision to remove iCloud's Advanced Data Protection in the UK.
  • www.bleepingcomputer.com: This article discusses Apple's decision to disable the iCloud end-to-end encryption feature in the UK due to government pressure.
  • Deeplinks: The piece explains Apple's decision to disable the end-to-end encryption feature for iCloud in the UK due to the government demanding backdoor access.
  • Ars OpenForum: UK government wants access to all Apple user data worldwide
  • billatnapier.medium.com: Apple Steps Back Their Security
  • The Register - Security: Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps
  • The Verge: The UK will neither confirm nor deny that it’s killing encryption

@www.forbes.com //
Apple has agreed to a $95 million settlement to resolve a class-action lawsuit concerning its Siri voice assistant. The lawsuit alleges that Siri recorded private conversations when unintentionally activated, sharing these recordings with third parties including advertisers and human reviewers. The plaintiffs claim this happened without their consent and that they were then targeted with specific ads based on these conversations, with some citing examples of receiving ads for products or medical treatments after discussing those topics near their devices. The settlement also mentions that Apple employed contractors to listen to some of these recordings which included private and confidential conversations.

Apple denies any wrongdoing as part of the settlement. However, the agreement indicates that eligible users who owned a Siri-enabled device between 2014 and 2019 may be entitled to a payout of up to $20 per device. Class members are defined as individuals who are current or former owners of a Siri Device and reside in the US and its territories. They must also be willing to declare under oath that Apple recorded their conversations while Siri was accidentally activated. The final size of each payment will depend on the number of claims made.

Recommended read:
References :
  • www.bbc.com: Report on Apple paying $95 million to settle a lawsuit about Siri listening
  • www.businessinsider.com: Report about who might be eligible for a payout in the Siri settlement.
  • www.forbes.com: Details of the Apple Siri settlement and how users can claim.
  • Hacker News: Apple Siri Eavesdropping Payout – Here's Who's Eligible and How to Claim (posted 2025-01-04)
  • www.forbes.com: Apple Siri Eavesdropping Payout—Here’s Who’s Eligible And How To Claim
  • www.apple.com: Our longstanding privacy commitment with Siri
  • The Verge: The Verge article on Apple refuting rumors about Siri and advertising.
  • Quartz: Apple says Siri isn't eavesdropping and selling your data
  • www.benzinga.com: Apple Clarifies Siri Privacy Policy After $95 Million Settlement Over Allegations Of Unauthorized Recordings

info@thehackernews.com (The Hacker News)@The Hacker News //
Microsoft has uncovered a new variant of the XCSSET macOS malware, marking the first major revision since 2022. This latest version features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. The malware is spread through infected Xcode projects, posing a significant risk to Apple developers.

The new XCSSET variant uses more randomized encoding methods, including Base64 in addition to xxd, and obfuscates module names to make analysis more difficult. The malware also employs a "dock method" where a fake Launchpad application is created, replacing the legitimate Launchpad's path in the dock, ensuring the malicious payload executes every time Launchpad is started. Microsoft advises users to inspect Xcode projects before using them and only install apps from trusted sources.

Recommended read:
References :
  • Talkback Resources: Talkback.sh article summarizing Microsoft's discovery of an advanced XCSSET malware variant for macOS.
  • The Hacker News: The Hacker News article about Microsoft uncovering a new XCSSET macOS malware variant with advanced obfuscation tactics.
  • www.bleepingcomputer.com: Microsoft spots XCSSET macOS malware variant used for crypto theft
  • Help Net Security: The XCSSET info-stealing malware is back, targeting macOS users and devs
  • securityonline.info: XCSSET Malware Returns with Enhanced Capabilities to Target macOS Users
  • www.helpnetsecurity.com: The XCSSET info-stealing malware is back, targeting macOS users and devs
  • ciso2ciso.com: Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. – Source: thehackernews.com
  • The Register: XCSSET macOS malware returns with first new version since 2022 Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…
  • ciso2ciso.com: Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics – Source:thehackernews.com
  • go.theregister.com: XCSSET macOS malware returns with first new version since 2022 Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…
  • BleepingComputer: Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
  • securityaffairs.com: New XCSSET macOS malware variant used in limited attacks

@Full Disclosure //
Apple has released security updates, iOS 18.3.1 and iPadOS 18.3.1, to address a vulnerability in USB Restricted Mode. The company warns that this flaw "may have been exploited in an extremely sophisticated attack against specific targeted individuals." This unusually strong language from Apple suggests the seriousness of the threat, as they typically use more reserved terms when describing exploited vulnerabilities. Security researcher Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School reported the flaw.

The vulnerability, identified as CVE-2025-24200, allows an attacker with physical access to disable USB Restricted Mode on a locked device. USB Restricted Mode is a security feature introduced in iOS 11.4.1 that prevents USB accessories from accessing a device's data if it hasn't been unlocked for an hour. The new updates patch this flaw, preventing attackers from turning off the security feature. Users are advised to update their devices to iOS 18.3.1, iPadOS 18.3.1 or iPadOS 17.7.5 to mitigate the risk.

Recommended read:
References :

Viplav Kushwah (noreply@blogger.com)@cysecurity.news //
Quishing, or QR code phishing, has emerged as a significant cyber threat, exploiting the widespread use of QR codes. Scammers are using counterfeit QR codes to redirect users to fraudulent websites, initiate malware downloads, or steal sensitive information. These malicious codes are embedded in various places, including emails, invoices, flyers, and even physical locations like restaurant menus, preying on the trust users have in QR codes for quick access to digital services.

The techniques used in quishing attacks vary, from embedding fake QR codes in email attachments that appear legitimate to replacing genuine QR codes in public spaces. Cybercriminals often impersonate trusted entities, such as banks, to trick victims into scanning the codes. Consequences of falling victim to quishing can include financial loss, data breaches, and malware deployment, which can compromise both personal and corporate systems. To mitigate these risks, organizations should educate employees about the dangers of scanning unverified QR codes and implement advanced security tools like email security systems with dynamic URL analysis to detect malicious QR codes.

Recommended read:
References :
  • Cyber Security News: QR Code Phishing (Quishing) Emerges as a Leading Cyber Threat
  • gbhackers.com: Quishing via QR Codes Emerging as a Top Attack Vector Used by Hackers
  • www.cysecurity.news: “Quishing” is the process of placing a malicious URL into a QR code.
  • Blog RSS Feed: "Quishing" - The Emerging Threat of Fake QR Codes
  • cyberpress.org: Article about QR code phishing (quishing) emerging as a leading cyber threat.

@cyberalerts.io //
George Mason University researchers have revealed a novel attack, dubbed "nRootTag," that exploits Apple's Find My network to track computers, smartphones, and IoT devices. This method uses a device’s Bluetooth address to trick the Find My network into identifying the target device as a lost AirTag. This effectively transforms the targeted device into a covert tracking beacon, enabling hackers to monitor its location remotely.

This unauthorized "AirTag" silently transmits Bluetooth signals to nearby Apple devices, which then anonymously relay the device's location via Apple Cloud. According to the research, a stationary computer’s location could be pinpointed to within 10 feet, and a moving e-bike's route could be accurately tracked. The researchers informed Apple about the exploit in July 2024 and recommended that the company update its Find My network to better verify Bluetooth devices.

Recommended read:
References :
  • cyberinsider.com: Apple’s Find My Exploited in nRootTag Attacks for User Tracking
  • Dan Goodin: The new "nRootTag" attack that transforms phones, computers and IoT devices into AirTags that can be tracked over Apple Find My sounds newsworthy at first blush.
  • Techlore: Researchers uncovered some nasty vulnerabilities in Apple's Find My network

@securityonline.info //
Apple has released emergency security updates to address a critical zero-day vulnerability, identified as CVE-2025-24085, which is actively being exploited in the wild. The flaw impacts a wide array of Apple products, including iPhones, iPads, Macs, Apple Watches, Apple TVs, and devices running visionOS. This vulnerability, found within the Core Media framework, a core component of Apple's media processing pipeline, can potentially allow malicious applications to gain elevated privileges on affected devices. Apple has acknowledged reports of the issue being actively exploited against versions of iOS before 17.2, underscoring the urgency of the situation.

The updates are designated as iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3 and address the vulnerability through improved memory management. Affected devices include iPhone XS and later, various iPad models including the iPad Pro, iPad Air, and iPad mini (specific generations detailed), Macs running macOS Sequoia, Apple Watch Series 6 and later, and all models of Apple TV HD and Apple TV 4K. Users are strongly advised to update their devices immediately to protect against potential exploits. Apple has not yet disclosed further details about the attacks or the researcher who discovered the vulnerability.

Recommended read:
References :
  • securityonline.info: CVE-2025-24085: Apple Patches Actively Exploited Zero-Day Vulnerability
  • ciso2ciso.com: Apple Patches Actively Exploited Zero-Day Vulnerability
  • ApplSec: EMERGENCY UPDATE Apple pushed updates for a new zero-day that may have been actively exploited. CVE-2025-24085 (CoreMedia): - iOS and iPadOS 18.3 - macOS Sequoia 15.3 - tvOS 18.3 - watchOS 11.3
  • ciso2ciso.com: Apple Patches Actively Exploited Zero-Day Vulnerability
  • securityonline.info: Apple Patches Actively Exploited Zero-Day Vulnerability
  • www.helpnetsecurity.com: Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)
  • Pyrzout: Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)
  • ciso2ciso.com: Apple fixed the first actively exploited zero-day of 2025 – Source: securityaffairs.com