In a second attack on Hezbollah members, two-way radios detonated around Lebanon on Wednesday, causing injuries and multiple deaths.

With Hezbollah and Lebanon still reeling from a coordinated wave of pager explosions on Tuesday that killed at least 12 people and injured thousands, another bombardment began on Wednesday, this time taking the form of exploding two-way radios. Footage of the explosions, which was not independently confirmed by WIRED, appears to show even larger blasts than those that emanated from the booby-trapped pagers.

Lebanon’s official news agency also reported exploding home solar systems less than two hours after the radio detonations began on Wednesday, according to the Associated Press. Details of the alleged solar equipment attacks were still developing at the time of publication.

The walkie-talkie explosions appeared to have been orchestrated the same way as the attack on Tuesday, which was likely carried out by intercepting new pagers at some point in their journey through the supply chain and modifying them to add explosive material. Hezbollah had reportedly expanded its use of pagers recently in an attempt to secure communications after the group feared that other channels had been infiltrated by Israeli intelligence. Reuters reported on Wednesday that Hezbollah purchased the walkie-talkies about five months ago as part of the same initiative that led the group to purchase the pagers.

In a statement after Wednesday’s explosions, Lebanon’s Health Ministry said more than 300 people had been injured and nine people had died, with incidents being reported in several regions of the country. The Lebanese Red Cross said more than 30 ambulances were involved in the treatment of people injured.

Though details of Wednesday’s attack are still emerging, the perpetrator of Tuesday’s exploding pager operation is widely believed to be Israel. Fighting between Israel and Hezbollah, which is backed by Iran, has intensified over the past year since Hamas’ October 7 attack on Israel. On Tuesday, Hezbollah blamed Israel for the “criminal aggression that targeted civilians too.”

“I'm floored by the sophistication of this operation,” says Jake Williams, vice president of research and development at Hunter Strategy, who formerly worked for the US National Security Agency. “The scale of this supply chain compromise is unprecedented. It's hard to imagine what technology Hezbollah could consider ‘safe’ at this point.”

Photos and videos posted to social media on Wednesday appeared to show handheld radios, or walkie-talkies, in various states of destruction. In many of the images, the devices, which are larger and bulkier than smartphones, had one side of their casing removed. Middle East experts citing local media reports noted that cars, scooters, and even buildings appear to have been damaged by tampered devices.

“From what we are seeing, including images circulating on social media, the devices exploding are handheld radios, possibly an Icom model,” says Michael Horowitz, head of intelligence at the risk management company Le Beck International.

The second round of explosions on Wednesday indicates that whoever conducted the sabotage and attacks likely had deeply rooted access and knowledge of Hezbollah’s infrastructure and operations. “This shows an even deeper penetration that may have relied on multiple fronts and multiple vectors (different electronic devices and providers),” Horowitz says. “This is unheard of.”

Israel has not yet commented on any of the attacks, and the Israel Defense Forces did not immediately respond to WIRED’s request for comment about the second round of explosions.

The pagers that exploded on Tuesday were mostly Gold Apollo AR-924 model pagers, which the Taiwan-based company says were produced by a third-party firm, Hungary-based BAC Consulting. The New York Times reports that 1 to 2 ounces of explosive were inserted in the pagers before they were distributed to members of Hezbollah. A person listed as the CEO of BAC Consulting did not respond to WIRED’s request for comment. A Hungarian government spokesperson has claimed the company is a “trading intermediary” and does not have a “manufacturing or operational site in Hungary.”

Following the first round of explosions on Tuesday, Human Rights Watch called for an investigation, saying it was not possible to locate all the sabotaged pagers and, as a result, they could end up striking “military targets and civilians without distinction.”

“Customary international humanitarian law prohibits the use of booby traps—objects that civilians are likely to be attracted to or are associated with normal civilian daily use—precisely to avoid putting civilians at grave risk and produce the devastating scenes that continue to unfold across Lebanon today,” Lama Fakih, the group’s Middle East and North Africa director said in a statement.

US secretary of state Anthony Blinken on Wednesday denied the US had advance knowledge of Tuesday’s attack.

“The United States did not know about, nor was it involved in, these incidents,” he said at a conference in Cairo, Egypt. “We’re still gathering the information and gathering the facts.”

Walkie-Talkies Explode in New Attack on Hezbollah

The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory. Fast forward to today, would we have imagined just three years ago that a chatbot could write essays, handle customer support calls, and even craft commercial

Penetration Testing / Automation

The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory. Fast forward to today, would we have imagined just three years ago that a chatbot could write essays, handle customer support calls, and even craft commercial artwork? We continue to be amazed by what software can achieve—tasks we once thought were strictly human domains. Such is the surprise unfolding in the sphere of cybersecurity testing. Hold tight!

****Demystifying Penetration Testing****

If someone had told me 10 years ago that computer software could one day perform the work of an ethical hacker, I would have said 'No way, Jose'. Penetration testing—PT for short—is when experts mimic hackers to test a company's defenses. It's a critical practice, mandated by major regulatory bodies like PCI DSS, HIPAA, and DORA to ensure network safety. Yet, despite its critical role, PT has been conducted in much the same way for decades.

****We've Been Used to Paying the Bill****

Traditional PT doesn't come cheap, ranging from $30,000 for basic external web tests to $150,000 for complex cloud systems analyses. The process is lengthy, too often taking two to three months from the initial service request to final reporting, and only covering 5% to 10% of an organization's assets at each pass.

Now consider the new economics: for the price of a single manual pentesting exercise one can perform automated daily exercises with ten times the scope in each run throughout the year. The financial argument for automation is truly disruptive. With software the cost per test run turns from the price of a BMW M4 to the price of a pair of Air Jordan sneakers. It's that drastic.

****The Brief History of Security Validation****

While the broader cybersecurity field has seen rapid advancements, such as AI-driven endpoint security, PT has been slow to evolve. Pentera led the charge by introducing automated security testing capabilities back in 2015. That was the birth of algorithm-based security validation solutions. Its commercial debut was met with enthusiasm from a few early adopters and skepticism from many traditionalists. Nearly a decade later, Pentera, and several others, have expanded the envelope to fully automated infrastructure and application penetration testing with thousands of raving enterprise security professionals using the software daily.

****Embracing Automated Solutions****

The shift toward automation is gaining momentum, and the benefits of frequent and thorough testing are evident. While there's still a place for the expert work of a master pentester for application testing, physical-cyber attack paths, and other advanced and bespoke scenarios, the need for broad coverage and frequent checks is clear. When it comes to addressing the world's hundreds of millions of untested systems, software-based solutions offer unmatched efficiency and affordability. As cybersecurity challenges continue to grow, investing in automated PT isn't just a smart move—it's essential for maintaining robust security defenses without breaking the bank.

The Future of Cybersecurity Testing - is in Software. So, I ask: why pay a pentester?

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Why Pay A Pentester?

The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems.
"The next major milestone is for the RCS Universal Profile to add important user protections such as interoperable end-to-end

Mobile Security / Encryption

The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems.

"The next major milestone is for the RCS Universal Profile to add important user protections such as interoperable end-to-end encryption," Tom Van Pelt, technical director of GSMA, said.

"This will be the first deployment of standardized, interoperable messaging encryption between different computing platforms, addressing significant technical challenges such as key federation and cryptographically-enforced group membership."

The development comes a day after Apple officially rolled out iOS 18 with support for RCS in its Messages app, which comes with advanced features like message reactions, typing indications, read receipts, and high-quality media sharing, among others.

RCS, an improvement over the current SMS standard, is currently not end-to-end encrypted out of the box, prompting Google to implement the Signal protocol to secure RCS conversations on Android.

Earlier this year, Apple said it will work with GSMA members to integrate encryption. It's worth noting that the company's proprietary iMessage service is E2EE enabled.

"We look forward to continuing to collaborate across the mobile ecosystem to advance the RCS standard with interoperable end-to-end encryption to keep all RCS messages private and secure," Van Pelt said.

Google, last July, also revealed plans for baking the Message Layer Security (MLS) protocol to its Messages app for Android in order to facilitate interoperability across messaging services and platforms.

As recently as this month, Meta detailed its approach to enable interoperability with third-party messaging services in WhatsApp and Facebook Messenger as part of its efforts to comply with the E.U. Digital Markets Act (DMA) while maintaining E2EE guarantees "as far as possible."

"Building third-party chats is technically challenging and preserving privacy and security is a shared responsibility," the social media company said. "We have already come a long way, but there is a lot more to build."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

Despite more US sanctions against spyware operators, Apple decided the cost in terms of disclosures about its own anti-spyware efforts was too great.

Source: stLegat via Alamy Stock Photo

Stopping the spread of commercial spyware is shaping up to be too big of a job even for tech titans like Apple.

The company dropped its years-long legal effort against Pegasus spyware dealer NSO Group, declining to hand over sensitive threat intelligence that it said could be used by adversaries against its own security defenses.

Pegasus spyware is a zero-click espionage malware deployed against iPhones, including that of Russian journalist Galina Timchenko, among others.

Meanwhile, international governments continue to hammer individuals and entities affiliated with commercial spyware operations with sweeping sanctions that have have little effect, leaving the digital espionage market wide open for investors, operators, and dictators around the globe.

Cupertino's brass is also encouraged by the work the US, international governments, and the tech sector at large have done to fight the rise of commercial spyware, Apple explained in its Sept. 13 motion to dismiss.

"When it filed this lawsuit nearly three years ago, Apple recognized that it would involve sharing information with third parties," Apple said. "Because of the developments since this suit was filed, proceeding forward at this time would now present too significant a risk to Apple's threat intelligence program."

Apple laid out other factors in the changed the landscape that made it increasingly dangerous for the company to release sensitive information.

First, Apple claimed that in the years since it first brought legal action against NSO Group it has continued to develop its threat intelligence to actively defend its users from threat actors. Handing over details about how Apple fights spyware to known spyware operators would be a bad idea. Apple added that NSO Group had been stingy with disclosures it made during the case's discovery process.

Further, Apple noted the commercial spyware sector has become more decentralized and that NSO Group is no longer a single actor in the cyber-espionage space; any action against the Israeli company would simply strengthen other spyware sellers as authoritarian governments pivot from Pegasus to numerous competing spyware brands.

Finally, Apple explained to the court that international governments have come around in the past three years and taken up the fight against spyware and the threat it poses to human rights around the world.

**Spyware Sanctions Aren't Working**

As if on cue, the US Department of the Treasury dropped a new round of sanctions just days later, on Sept. 16, this time against what the department calls "enablers" of the Intellexa commercial spyware consortium, identified to be behind Predator spyware. Sanctioned individuals include Felix Bitzios, Andrea Nicola Constantino Hermes Gambazzi, Merom Harpaz, Panagiota Karaoli, Artemis Artemiou, and the Aliada Group Inc.

These sanctions prohibit any US transactions with those named as well as any entities in which they own 50% or more, bar them from obtaining a US visa, and more.

But research shows sanctions have had little impact on stymieing the broader commercial spyware market. Digital eavesdropping continues to be deployed against diplomats, journalists, and ordinary citizens and vendors while intelligence gatherers have improved their ability to operate in the shadows, easily gaming sanctions and restrictions.

This past March, two individuals and five entities the US government said were associated with Predator mobile spyware operators were sanctioned as a result of Predator's network and infrastructure's spread into Botswana and the Philippines.

Nonetheless, it seems the cost of stopping spyware in the courtroom is too high even for the deepest-pocketed actors like Apple. Instead Apple said it will dig in on defense and leave offense to the feds.

"Apple has made the decision to prioritize its expert security resources and advanced threat-intelligence program to continue to stop destructive spyware through technical methods," the company said.

Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets

Apple Security Advisory 09-16-2024-10 - macOS Ventura 13.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-09-16-2024-10 macOS Ventura 13.7

macOS Ventura 13.7 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121234.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Accounts  
Available for: macOS Ventura  
Impact: An app may be able to leak sensitive user information  
Description: The issue was addressed with improved checks.  
CVE-2024-44129

App Intents  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive data logged when a  
shortcut fails to launch another app  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44182: Kirin (@Pwnrin)

AppKit  
Available for: macOS Ventura  
Impact: An unprivileged app may be able to log keystrokes in other apps  
including those using secure input mode  
Description: A logic issue was addressed with improved restrictions.  
CVE-2024-27886: Stephan Casas, an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with additional code-signing  
restrictions.  
CVE-2024-40847: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: A downgrade issue was addressed with additional code-  
signing restrictions.  
CVE-2024-40814: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed with improved checks.  
CVE-2024-44164: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A library injection issue was addressed with additional  
restrictions.  
CVE-2024-44168: Claudio Bozzato and Francesco Benvenuto of Cisco Talos

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An attacker may be able to read sensitive information  
Description: A downgrade issue was addressed with additional code-  
signing restrictions.  
CVE-2024-40848: Mickey Jin (@patch1t)

Automator  
Available for: macOS Ventura  
Impact: An Automator Quick Action workflow may be able to bypass  
Gatekeeper  
Description: This issue was addressed by adding an additional prompt for  
user consent.  
CVE-2024-44128: Anton Boegler

bless  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44151: Mickey Jin (@patch1t)

Compression  
Available for: macOS Ventura  
Impact: Unpacking a maliciously crafted archive may allow an attacker to  
write arbitrary files  
Description: A race condition was addressed with improved locking.  
CVE-2024-27876: Snoolie Keffaber (@0xilis)

Dock  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed by removing sensitive data.  
CVE-2024-44177: an anonymous researcher

Game Center  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A file access issue was addressed with improved input  
validation.  
CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO  
Available for: macOS Ventura  
Impact: Processing an image may lead to a denial-of-service  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero  
Day Initiative, an anonymous researcher

Intel Graphics Driver  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted texture may lead to unexpected  
app termination  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2024-44160: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Intel Graphics Driver  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted texture may lead to unexpected  
app termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44161: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

IOSurfaceAccelerator  
Available for: macOS Ventura  
Impact: An app may be able to cause unexpected system termination  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44169: Antonio Zekić

Kernel  
Available for: macOS Ventura  
Impact: Network traffic may leak outside a VPN tunnel  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44165: Andrew Lytvynov

Mail Accounts  
Available for: macOS Ventura  
Impact: An app may be able to access information about a user's contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

Maps  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-44181: Kirin(@Pwnrin) and LFY(@secsys) from Fudan University

mDNSResponder  
Available for: macOS Ventura  
Impact: An app may be able to cause a denial-of-service  
Description: A logic error was addressed with improved error handling.  
CVE-2024-44183: Olivier Levon

Notes  
Available for: macOS Ventura  
Impact: An app may be able to overwrite arbitrary files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44167: ajajfxhj

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44178: Mickey Jin (@patch1t)

Safari  
Available for: macOS Ventura  
Impact: Visiting a malicious website may lead to user interface spoofing  
Description: This issue was addressed through improved state management.  
CVE-2024-40797: Rifa'i Rejal Maynando

Sandbox  
Available for: macOS Ventura  
Impact: A malicious application may be able to access private  
information  
Description: The issue was addressed with improved checks.  
CVE-2024-44163: Zhongquan Li (@Guluisacat)

Shortcuts  
Available for: macOS Ventura  
Impact: A shortcut may output sensitive user data without consent  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44158: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Ventura  
Impact: An app may be able to observe data displayed to the user by  
Shortcuts  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSea

System Settings  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44166: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

System Settings  
Available for: macOS Ventura  
Impact: An app may be able to read arbitrary files  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2024-44190: Rodolphe BRUNETTI (@eisw0lf)

Transparency  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

Airport  
We would like to acknowledge David Dudok de Wit for their assistance.

macOS Ventura 13.7 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmboy2sACgkQX+5d1TXa  
IvoOmhAA1kPpqqhEBRbskSU4pFIfX+JY/MyIrnI+6pNgMk3CLhQ5SSx0aFS2tg/c  
We70hoiTA8eWMvRkYr8KYNriNstqCivg7iq84Gv4/ycJ9Hx4Zwj6pZh5If1H8y+Q  
3NVsvLgnmvnAb6W7MvpXtgma47vA5xRe2oefCNe6QbcC2qnQ2xaspBZtH805IkAi  
WznXdr7UXmjJyfjlgp2FifyiLYQoPXPGFOLKkBURDCxaH4SJidgvzxerU+B+1ju9  
dqW29eQwTjG+qhXncTuxfUSuQ5s7g5XfVqfvcTQihUk+ZjWaMYOaUT2UYlAgDfg5  
Mq35kP/Hvh8zmf+Ryufl3D+qfKpyVUUJUKu+kEMbOIoIMkCzM4F0G30czaKiGCA+  
tJCEtsY/oxcbEcy8DLQbesPCv5Hf1Gv2fMkP3p/6CAYqXQ1mXQF0Vm2erKRqS+yD  
N2+M+r/GFzvK4i9bf6j10kDgv9PRxPs+pH9zuU85cwhT+jZzr2dkvTC9p+mI+5CJ  
AZ7ZMgTLbXDw2M4d4e6mEV3XbJ5ebNqQv9t0Hfbg3pf8YVEeAO0casIPopLK6fqi  
uS7gn/3PL9C1HS2gqlekYuwiP0DSleKk9qCDUVVfmAAxTA1vHKvtvlRBO0ykN7HI  
NmX+8AuFy8jnZRmZWXIbav1/EdWYg7e5SLCD+pemYLcMYSoSNXg=  
=YxVI  
-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-10

Apple Security Advisory 09-16-2024-9 - macOS Sonoma 14.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-09-16-2024-9 macOS Sonoma 14.7

macOS Sonoma 14.7 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121247.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Accounts  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: The issue was addressed with improved permissions logic.  
CVE-2024-44153: Mickey Jin (@patch1t)

App Intents  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive data logged when a  
shortcut fails to launch another app  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44182: Kirin (@Pwnrin)

AppleGraphicsControl  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted video file may lead to  
unexpected app termination  
Description: The issue was addressed with improved memory handling.  
CVE-2024-40846: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative  
CVE-2024-40845: Pwn2car working with Trend Micro Zero Day Initiative

AppleGraphicsControl  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: A memory initialization issue was addressed with improved  
memory handling.  
CVE-2024-44154: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with additional code-signing  
restrictions.  
CVE-2024-40847: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed with improved checks.  
CVE-2024-44164: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A library injection issue was addressed with additional  
restrictions.  
CVE-2024-44168: Claudio Bozzato and Francesco Benvenuto of Cisco Talos

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An attacker may be able to read sensitive information  
Description: A downgrade issue was addressed with additional code-  
signing restrictions.  
CVE-2024-40848: Mickey Jin (@patch1t)

AppleVA  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted video file may lead to  
unexpected app termination  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2024-40841: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppSandbox  
Available for: macOS Sonoma  
Impact: An app may be able to access protected files within an App  
Sandbox container  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44135: Mickey Jin (@patch1t)

Automator  
Available for: macOS Sonoma  
Impact: An Automator Quick Action workflow may be able to bypass  
Gatekeeper  
Description: This issue was addressed by adding an additional prompt for  
user consent.  
CVE-2024-44128: Anton Boegler

bless  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44151: Mickey Jin (@patch1t)

Compression  
Available for: macOS Sonoma  
Impact: Unpacking a maliciously crafted archive may allow an attacker to  
write arbitrary files  
Description: A race condition was addressed with improved locking.  
CVE-2024-27876: Snoolie Keffaber (@0xilis)

Dock  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed by removing sensitive data.  
CVE-2024-44177: an anonymous researcher

Game Center  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A file access issue was addressed with improved input  
validation.  
CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2024-27880: Junsung Lee

ImageIO  
Available for: macOS Sonoma  
Impact: Processing an image may lead to a denial-of-service  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero  
Day Initiative, an anonymous researcher

Intel Graphics Driver  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted texture may lead to unexpected  
app termination  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2024-44160: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Intel Graphics Driver  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted texture may lead to unexpected  
app termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44161: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

IOSurfaceAccelerator  
Available for: macOS Sonoma  
Impact: An app may be able to cause unexpected system termination  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44169: Antonio Zekić

Kernel  
Available for: macOS Sonoma  
Impact: Network traffic may leak outside a VPN tunnel  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44165: Andrew Lytvynov

Mail Accounts  
Available for: macOS Sonoma  
Impact: An app may be able to access information about a user's contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

Maps  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-44181: Kirin(@Pwnrin) and LFY(@secsys) from Fudan University

mDNSResponder  
Available for: macOS Sonoma  
Impact: An app may be able to cause a denial-of-service  
Description: A logic error was addressed with improved error handling.  
CVE-2024-44183: Olivier Levon

Notes  
Available for: macOS Sonoma  
Impact: An app may be able to overwrite arbitrary files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44167: ajajfxhj

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44178: Mickey Jin (@patch1t)

Safari  
Available for: macOS Sonoma  
Impact: Visiting a malicious website may lead to user interface spoofing  
Description: This issue was addressed through improved state management.  
CVE-2024-40797: Rifa'i Rejal Maynando

Sandbox  
Available for: macOS Sonoma  
Impact: A malicious application may be able to access private  
information  
Description: The issue was addressed with improved checks.  
CVE-2024-44163: Zhongquan Li (@Guluisacat)

Sandbox  
Available for: macOS Sonoma  
Impact: A malicious application may be able to leak sensitive user  
information  
Description: The issue was addressed with improved checks.  
CVE-2024-44125: Zhongquan Li (@Guluisacat)

Security Initialization  
Available for: macOS Sonoma  
Impact: An app may be able to access protected user data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-40801: Zhongquan Li (@Guluisacat), Pedro José Pereira Vieito  
(@pvieito), an anonymous researcher

Shortcuts  
Available for: macOS Sonoma  
Impact: A shortcut may output sensitive user data without consent  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44158: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Sonoma  
Impact: An app may be able to observe data displayed to the user by  
Shortcuts  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSea

sudo  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A logic issue was addressed with improved checks.  
CVE-2024-40860: Arsenii Kostromin (0x3c3e)

System Settings  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44166: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

System Settings  
Available for: macOS Sonoma  
Impact: An app may be able to read arbitrary files  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2024-44190: Rodolphe BRUNETTI (@eisw0lf)

Transparency  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

Airport  
We would like to acknowledge David Dudok de Wit for their assistance.

macOS Sonoma 14.7 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmboywEACgkQX+5d1TXa  
IvrDjxAA2tgRLOOTvFpZrVW/HEBxwCFUn7UkzXyfgUTuqntjSvmsc/pyVmPDpnOM  
UnLhZ4d3B6v44MSelhxSbomtGkggQfYAvcNmlPDk+yMMS0K5yRBJ3dobEt4e53Wj  
9DQl2cQfHxop3uaLRFRTRy5Wk46xIZcsPS3Obb0kLAZpnzD1K2UQ5tIgEVF2ETqi  
SaRlrjqsgiauG/qZ8pzJjQSB1/iNBJCf4TBMBmHHJ91zAVOiYxvVcIAcBl1cBK4m  
UU6Z0vF1NmNCTAu/8KPP0Y6AD5tM7ZrkotU1yTP8uey4r3Ec8XrZqzhTH05sMI5V  
Xt98UeRNl2EJQAJR2Wjfsa2u255SvJ9VJpOGpTff9npsP5c6a7fup2mcKSVmCJHG  
FxFoU9WC2Lx2fsb7kBZXx5y4+/lwKBh8gQBkqOB4vttUZIYwp/rwXJtBvwkSb3E+  
2MTYly0SAAAbwrGoImKsskbiOxB+Ebry2cZ4Rg8rKKwQIfpjpgCb2U97Ue1zCU/S  
lHCObpyD0HtDD13zYw3NXfbrcWS195WhLdgtVl9XJz90pQQwdcINzubGhILmabpl  
Q+QXoSuKNi0ooy9qO8yEmQdzF0swD/FZMqTmF6FFtFby4NpY6ooapHHyhJOGeqSn  
/Poj2T/Ay/xaX7VL2fUPU9n0KTNtp+HgvgpzMX31HpBNXo/96Eo=  
=YUrh  
-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-9

Apple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 addresses bypass, out of bounds access, and out of bounds read vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7iOS 17.7 and iPadOS 17.7 addresses the following issues.Information about the security content is also available athttps://support.apple.com/121246.Apple maintains a Security Releases page athttps://support.apple.com/100100 which lists recentsoftware updates with security advisories.AccessibilityAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker with physical access to a locked device may be ableto Control Nearby Devices via accessibility featuresDescription: This issue was addressed through improved state management.CVE-2024-44171: Jake DerouinCompressionAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Unpacking a maliciously crafted archive may allow an attacker towrite arbitrary filesDescription: A race condition was addressed with improved locking.CVE-2024-27876: Snoolie Keffaber (@0xilis)Game CenterAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to access user-sensitive dataDescription: A file access issue was addressed with improved inputvalidation.CVE-2024-40850: Denis Tokarev (@illusionofcha0s)ImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted file may lead to unexpected appterminationDescription: An out-of-bounds read issue was addressed with improvedinput validation.CVE-2024-27880: Junsung LeeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing an image may lead to a denial-of-serviceDescription: An out-of-bounds access issue was addressed with improvedbounds checking.CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro ZeroDay Initiative, an anonymous researcherIOSurfaceAcceleratorAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to cause unexpected system terminationDescription: The issue was addressed with improved memory handling.CVE-2024-44169: Antonio ZekićKernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Network traffic may leak outside a VPN tunnelDescription: A logic issue was addressed with improved checks.CVE-2024-44165: Andrew LytvynovKernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may gain unauthorized access to BluetoothDescription: This issue was addressed through improved state management.CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven(@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy VanhoefMail AccountsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to access information about a user's contactsDescription: A privacy issue was addressed with improved private dataredaction for log entries.CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)mDNSResponderAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to cause a denial-of-serviceDescription: A logic error was addressed with improved error handling.CVE-2024-44183: Olivier LevonSafari Private BrowsingAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Private Browsing tabs may be accessed without authenticationDescription: This issue was addressed through improved state management.CVE-2024-44127: Anamika AdhikariShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: A shortcut may output sensitive user data without consentDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2024-44158: Kirin (@Pwnrin)ShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to observe data displayed to the user byShortcutsDescription: A privacy issue was addressed with improved handling oftemporary files.CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSeaSync ServicesAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: This issue was addressed with improved checks.CVE-2024-44164: Mickey Jin (@patch1t)TransparencyAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to access user-sensitive dataDescription: A permissions issue was addressed with additionalrestrictions.CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)UIKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker may be able to cause unexpected app terminationDescription: The issue was addressed with improved bounds checks.CVE-2024-27879: Justin CohenThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/iTunes and Software Update on the device will automatically checkApple's update server on its weekly schedule. When an update isdetected, it is downloaded and the option to be installed ispresented to the user when the iOS device is docked. We recommendapplying the update immediately if possible. SelectingDon't Install will present the option the next time you connectyour iOS device.The automatic update process may take up to a week depending onthe day that iTunes or the device checks for updates. You maymanually obtain the update via the Check for Updates buttonwithin iTunes, or the Software Update on your device.To check that the iPhone, iPod touch, or iPad has been updated:* Navigate to Settings* Select General* Select About. The version after applying this update will be"iOS 17.7 and iPadOS 17.7".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/100100.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmbo1AEACgkQX+5d1TXaIvr0LBAAn28J4FgN4GG7wRGwiXT2GIy0vuGDc8bbNiezEqpkSL1XtjFl0e4ChhtB7VWnEhCd2yq/6iy7yak3EiKuYngQZ79O3dBERviNFgM5pK8hxX46WR3K/M69U9iOszkmaOOE81mTiAKCjy4MP8qMsvHY79ZA0r9Bl2aJCQJMAscs4mQ+Gfy2OAWDHKrGd1iapLxp2jQRVDlguKL8slJDIql3LD2anZ/4qob9cnE9b2z0g0r8Iv/vjlZXdOseGx7TqQ/kWlg6rBHf9KhSjr+ipFfvFYJ9O+QCAcwgtilPkRmD4q3MiCZqG234qhmB4ZVrW3NrJQVR4ACF8e+tnB79pcXeVMvhytpUdY+fAxffihkbLzIydI5EriuAvtpitmI3hwqLwJBwHOSDroCOs6kIkDL4RXVCSkIuwiRfa/hWxVJE9lYQxUCH7vR4KomrwnuB7hhN3oqeRgXqtB1HcJ8Elu3KnA8rebF1X1TcMqTc5LbqZwCPDOAU07HfTVBaxWlLh0NfmXq2JIE+yozNTOySEvggfYiXL5JopRXocF0YWne63OoA0vhvljQhEClQRQifB4daPnmyxxJOWFhqY8dMcnrfb0xXB5OyxZFG1AiGLjg5qaSQYMAZoJvImuTVwFSKuKBHs7ahXn7EVojoe7m9WEiRqCXiORHmT6BF3vmWidni5Xs==J1rf-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-8

Apple has released iOS 18. We discuss the new privacy and security related features like the very handy Passwords app.

On September 16, 2024, Apple released iOS 18. Besides a lot of exciting new features, iOS 18 comes with some privacy and security enhancements.

One of the most promising new features is the new Passwords app. Built on the foundation of Apple’s password management system Keychain, Passwords makes it easier for users to access stored passwords and get an overview of their credentials.

Passwords App

One thing we often hear when we recommend the use of a password manager is that it’s too complicated. And, admittedly, many of them come with a learning curve. But Apple has made some steps in the right direction here.

Apple will also warn users if their credentials have been caught up in a data breach, so users can change their compromised password. In addition, users who have a weak password, or one that’s been used before, will be warned to pick a better one. Current users of the AutoFill function should notice how their passwords have automatically been added to the Passwords app.

iOS 18 also provides users with new tools to manage who can see their apps, how their contacts are shared, and how their iPhone connects to accessories. One of those tools allows users to adjust settings so that app notifications and content can’t inadvertently be seen by others. Another new feature is the ability to hide an app, which basically moves it to a locked, hidden apps folder that only the main user has access to. The basic functional apps can’t be hidden, but generally speaking if it’s on the App Store it can be hidden.

Hidden apps can be locked and unlocked with Face ID, Touch ID, or the device passcode, although there are a few exceptions. Account holders under age 13 can’t lock or hide an app so they can’t use it to dodge a parent’s watchful eye. Users between the ages of 13 and 18 can use these functions, but parents can still see what apps were downloaded and how much they are used.

Contact sharing is a lot more configurable, which makes life easier for those of us who use their device for work and private matters. Say, for example, a person uses an app solely for work, he might decide to share only work-related contacts with that app. Access can be updated as desired. Apple users can now see at a glance how many apps have access to data like location services, tracking, calendars, files and folders, contacts, and health information. When they tap on a particular category, users see a list of which apps have what level of access, such as limited or full.

Location services access overview

iOS 18 also prepares your device for Apple Intelligence which is expected next month.  

> “Apple Intelligence, the personal intelligence system that combines the power of generative models with personal context to deliver intelligence that is incredibly useful and relevant while protecting users’ privacy and security.”

Apple Intelligence is an artificial intelligence (AI) platform developed by Apple. Its features include on-device processing so it’s aware of your personal data, but doesn’t require Apple to collect or store it, and a new complex system designed to draw on larger server-based models to handle more complex requests, while still protecting user privacy.

I realize this sounds a lot like Microsoft’s Recall feature which was delayed after privacy and security concerns. We haven’t seen any pushback of that magnitude for Apple Intelligence. The main difference here are the regular “screenshots” that Microsoft wanted to deploy to help users later.

The privacy protections Apple promises can be important to users who want to have access to AI but are concerned about having their private data used to train models, which is something even AI enthusiasts are worried about to some extent.

To take those worries away, Apple created Private Cloud Compute (PCC), a cloud intelligence system designed specifically for private AI processing, which Apple says extends the privacy and security of Apple devices into the cloud.

A handy change for some users might be the new guest access for the Home app, which makes it easier for other members of your household to use your device to control any accessories connected to the Home app.

One safety feature I’m not that thrilled about is the Activation Lock. The Activation Lock feature is intended to block unauthorized repairs with parts from other iPhones and deter the resale of stolen components. It will link key parts like batteries, cameras, and displays to the original owner’s Apple account, making it harder to use or sell stolen parts. I fear this will only make it harder for users to go outside the channels under Apple’s control to get their devices repaired.

More new features of iOS 18 are discussed at length in this Apple newsroom article.

To check if you’re using the latest software version, go to **Settings** > **General** > **Software Update**. You want to be on iOS 18.0 or iPadOS 18.0, so update now if you’re not. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

Available update

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 iOS 18 is out. Here are the new privacy and security features 

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator.
"The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator.

"The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and civil liberties of our citizens," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith.

"We will continue to hold accountable those that seek to enable the proliferation of exploitative technologies, while also encouraging the responsible development of technologies that align with international standards."

The sanctioned individuals and entities are listed below -

*   Felix Bitzios, the beneficial owner of an Intellexa Consortium company that's believed to have supplied Predator to a foreign government client and the manager of Intellexa S.A.

*   Andrea Nicola Constantino Hermes Gambazzi, the beneficial owner of Thalestris Limited and Intellexa Limited, which are both members of the Intellexa Consortium

*   Merom Harpaz, a top executive of the Intellexa Consortium and the manager of Intellexa S.A.

*   Panagiota Karaoli, director of multiple Intellexa Consortium entities that are controlled by or are a subsidiary of Thalestris Limited

*   Artemis Artemiou, an employee of Intellexa S.A., as well as the general manager and member of the board of Cytrox Holdings, another member of the Intellexa Consortium

*   Aliada GroupInc., a British Virgin Islands-based company and member of the Intellexa Consortium has facilitated tens of millions of dollars of transactions

Thalestris Limited has been involved in processing transactions on behalf of other entities within the Intellexa Consortium, the Treasury said, adding that Aliada Group is directed by Tal Jonathan Dilian, the founder of the Intellexa Consortium.

The department described the consortium as a "complex international web of decentralized companies that built and commercialized a comprehensive suite of highly invasive spyware products."

The development comes a little over six months after the Treasury sanctioned Dilian, Sara Aleksandra Fayssal Hamou, and five other entities, including Intellexa S.A., on similar grounds.

It also follows a resurgence of Predator spyware activity after a period of relative silence by likely customers in Angola, the Democratic Republic of the Congo (DRC), and Saudi Arabia using new infrastructure that's designed to evade detection.

"The latest evolution of Predator infrastructure includes an additional tier in its delivery infrastructure to improve customer anonymization and enhanced operational security in its server configurations and associated domains," Recorded Future said.

"Although Predator spyware operators have changed significant aspects of their infrastructure setup, including changes that make country-specific attribution more challenging, they have largely retained their mode of operation."

It also follows Apple's decision to file a motion to dismiss its lawsuit against NSO Group for reasons that court disclosures could endanger its efforts to combat spyware, that there are steps being taken to avoid sharing information related to the Pegasus spyware, and that the impact could be diluted as a result of an expanding spyware market with new emerging players.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.
Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.

Clipper malware, also called **ClipBankers**, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including replacing cryptocurrency addresses with those under an attacker's control.

In doing so, digital asset transfers initiated on a compromised system are routed to a rogue wallet instead of the intended destination address.

"In clipping and switching, a cryware monitors the contents of a user's clipboard and uses string search patterns to look for and identify a string resembling a hot wallet address," the tech giant noted way back in 2022. "If the target user pastes or uses CTRL + V into an application window, the cryware replaces the object in the clipboard with the attacker's address."

Binance, in an advisory issued on September 13, 2024, said it has been tracking a widespread malware threat that intercepts data stored in the clipboard with an aim to swap out cryptocurrency wallet addresses.

"The issue has seen a notable spike in activity, particularly on August 27, 2024, leading to significant financial losses for affected users," the exchange said. "The malware is often distributed through unofficial apps and plugins, especially on Android and web apps, but iOS users should also remain vigilant."

There is evidence to suggest that these malicious apps are inadvertently installed by users when searching for software in their native languages or through unofficial channels, primarily due to restrictions in their countries.

The company also said it's taking steps to blocklist the attacker addresses to prevent further fraudulent transactions, and that it has notified affected users, advising them to check for signs of suspicious software or plugins.

Besides urging users to refrain from downloading software from unofficial sources, Binance is calling for exercising caution when it comes to installing apps and plugins and ensuring they are authentic.

Blockchain analytics firm Chainalysis revealed last month that aggregate illicit activity on-chain has dropped by nearly 20% year-to-date, although stolen funds inflows nearly doubled from $857 million to $1.58 billion.

"Scammers for the most part continue to pivot away from broad-based ponzi schemes to more targeted campaigns like pig butchering, work from home scams, drainers, or address poisoning," it said, adding it observed a "rise in the use of Chinese language marketplaces and laundering networks."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#ios