Russia’s Federal Security Service (FSB) claimed on Thursday it had uncovered a U.S. National Security Agency (NSA) plot using previously unknown malware to access vulnerabilities in Apple iPhones. Lockdown Mode is the first major capability of its kind designed to offer an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security. Guy Faulconbridge for Reuters: The FSB, the main successor to the Soviet-era KGB, said several thousand Apple phones had been infected, including those of domestic Russian subscribers. The Russian spy agency also said telephones belonging to foreign diplomats based in Russia and the former Soviet Union, including those from Israel, Syria, China and NATO members, had been targeted. “The…

Russia says that the National Security Agency (NSA) has been spying on Russian officials and civilians using iPhone backdoor vulnerabilities created for the US by Apple.Moscow, RussiaThe NSA has previously tried to get public opinion on its side as it objects to Apple's refusal to give it access to user data. But now the Federal Security Office (FSB) of Russia claims that Apple has given the NSA backdoor access after all. Read more...

An Apple security fix in iOS 15.6.1 back in August of last year was said to close two major security vulnerabilities, one of which could have allowed a rogue app to execute arbitrary code with kernel privileges (aka do Very Bad Things). But it’s now been revealed that the more serious vulnerability wasn’t closed after all. Apple did succeed in blocking a specific way of exploiting the vulnerability, but didn’t address the root issue until last week’s iOS 16.5 update, some nine months later … more… The post Apple security fix didn’t address root cause – now corrected in iOS 16.5 appeared first on 9to5Mac.

Macworld Apple’s operating system updates always have important security patches, which is why we urge users to update as soon as possible. The recent iOS and iPadOS 16.5 update, however, has a unique security patch that is essentially a follow-up to a previous patch. A report by Jamf released on Monday details the ColdInvite vulnerability, which is filed as CVE-2023-27930 in the CVE Program database. ColdInvite “can be exploited to leverage the co-processor in order to obtain read/write privileges to the kernel,” according to Jamf. A bad actor can use ColdInvite to eventually gain control of the device. This hole was fixed in the 16.5 update. Interestingly, ColdInvite was discovered because of a previous vulnerability that Apple addressed last year…

Macworld Multiple iPhone and iPad owners have complained that Apple’s latest mobile software updates, iOS 16.5 and iPadOS 16.5, render their devices incompatible with Apple’s Lightning to USB 3 Camera Adapter. The accessory, which costs $39 from Apple’s store (or £45 from the U.K. store) was designed with older Lightning iPad Pro models in mind, enabling owners to transfer photos from a digital camera to their tablet for editing and sharing; more recent iPads are equipped with USB-C ports and consequently have less need for an adapter. But it’s compatible, in theory, with pretty much any Lightning iPhone or iPad, going back all the way to the iPhone 5 from 2012 and the original iPad mini. I say “in theory”…

Macworld On Thursday, Apple released a slew of updates that bring a few new features to the iPhone and Mac. But much more importantly, the updates include three critical zero-day patches for security vulnerabilities that are known to have been actively exploited. The most alarming of the bugs allow a hacker to access personal data and take over your device via a malicious app. The WebKit flaws span Apple’s family of devices and have been patched in iOS 16.5, iPadOS 16.5, watchOS 9.5, macOS 13.4, and tvOS 16.5, but also iOS/iPadOS 15.7.6, macOS Monterey 12.6.6, and macOS Big Sur 11.7.7, as well as Safari 16.5. All of the updates include the same five WebKit fixes, with three of them known…