Apple backports zero-day patches to older iPhones and Macs, releasing updates for vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085. Security updates for the latest operating systems address numerous flaws. Users are urged to apply updates promptly to mitigate potential attacks.
Phishing platform ‘Lucid,' operated by the XinXin group, targets 169 entities across 88 countries using iMessage and RCS for SMS attacks. Sold on a subscription model, it provides phishing domains and tools to attackers. Lucid sends 100,000 smishing messages daily, bypassing spam filters with encrypted messaging tech. The operation employs device farms and impersonates legitimate services to steal personal data, including financial information, often demonstrating ease of use through public videos.
FBI warns iPhone and Android users about AI-powered deepfake scams. Users should hang up on suspicious calls and create a secret code for verification with close family to combat voice cloning threats. Social media poses risks as it provides voice samples for cybercriminals. Ongoing AI attacks are reshaping crime, making scams increasingly sophisticated and difficult to detect.
Apple patched a zero-day vulnerability in iOS and iPadOS exploited in “extremely sophisticated” targeted attacks. The issue, affecting various iPhone and iPad models, potentially allowed misuse of USB Restricted Mode. Users are urged to update their devices to prevent ongoing attacks, as previous zero-days have been linked to spyware targeting high-risk individuals.
Vulnerabilities in Apple chips (A- and M-series) allow side-channel attacks, FLOP and SLAP, to leak sensitive data from browsers like Chrome and Safari. FLOP exploits the load value predictor to steal memory contents, affecting data from services like Gmail and iCloud, while SLAP targets the load address predictor, limited to Safari. Devices from 2021 onwards are affected. Researchers indicated potential mitigations, and Apple intends to address the issues, though they don't view them as immediate threats.
Apple users must update devices to fix a zero-day vulnerability actively exploited in iOS. Affected devices include iPhone XS and newer, certain iPads, macOS Sequoia, Apple Watch Series 6+, and Apple TV models. Users should check for updates in Settings and consider enabling Automatic Updates. The vulnerability, tracked as CVE-2025-24085, allows privilege escalation via a misuse of memory in Core Media.
iOS 18.3 and iPadOS 18.3 security update released January 27, 2025, addresses multiple vulnerabilities affecting recent devices. Key fixes involve potential unauthorized access, denial-of-service risks, and privilege escalation. Each vulnerability is linked to specific CVE-ID, and Apple prioritizes user safety by withholding details until patches are available. For further details, consult the Apple security releases page.
Phishing texts are tricking Apple iMessage users into disabling phishing protection by prompting them to reply to messages. Users who respond to these texts inadvertently enable links, making them vulnerable to attacks. Cybercriminals exploit this tactic, especially targeting individuals who may be less aware of such scams. It's advised not to respond to unknown messages with disabled links and to verify their legitimacy directly with the sender.
