08-24-2022, 12:52 AM
Quote:Apple Inc. and a top U.S. cybersecurity agency are urging iPhone, iPad, and Macbook users and administrators to update their iOS software following the recent discovery of security vulnerabilities.
...
Users and administrators are urged to review Apple’s security updates page and apply the updates—MacOS Monterey 12.5.1, iOS 15.6.1, iPadOS 15.6.1, or Safari 15.6.1—as soon as possible.
...
The vulnerabilities could allow hackers to gain “full admin access” to the device.
That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security, in an interview with The Associated Press.
Security experts have advised users to update affected devices—the iPhone6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running MacOS Monterey. The flaw also affects some iPod models.
“The flaws were found in the kernel, a program at the core of the OS (CVE-2022-32894) and WebKit, the engine that powers the Safari web browser (CVE-2022-32893). Both flaws allow hackers to remotely execute malicious code on your iPhone, iPad, or Mac and potentially take over your device,” according to Forbes tech security writer Gordon Kelly.
So don't forget to update your iOS any time soon!
Quote:The researchers at Google’s Threat Analysis Group, who dubbed the tool “HYPERSCRAPE,” detected the malicious program in December 2021. The Iranian hackers appear to have deployed it against fewer than two dozen accounts located in Iran, according to Ajax Bash, a Google security engineer.
While the oldest known sample dates to 2020, the tool remains under active development, Bash said.
Google took action to secure the affected accounts and notify the victims, Bash said. It’s not clear whether the Iranian hackers actually deployed the code against Yahoo or Outlook email accounts.
The program is likely associated with Charming Kitten, a prolific cyber espionage operation believed to operate under the Iranian Revolutionary Guard Corps, with aspects of its activity tracked variously as APT35, TA453, Phosphorus, ITG18 and Cobalt Illusion. Researchers with cybersecurity firm Secureworks said in May that elements of the group also carry out ransomware attacks, revealing financial motives alongside its traditional espionage role.
...
For the tool to work, victims either need to be logged into their account or the attackers need their credentials, Bash wrote. Once inside, the tool changes the account’s language settings to English, downloads individual emails and then marks them as unread. The program also deleted any security emails from Google triggered by the activity, Bash wrote.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE