
Apple squashes security bugs after iPhone flaws exploited by Predator spyware

September 23, 2023

Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.

The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as three CVE-listed flaws. We’ve just learned today that the Predator spyware sold by Intellexa used these vulnerabilities to infect at least one target’s iPhone.

The bugs are:

CVE-2023-41991: According to Apple, “a malicious app may be able to bypass signature validation,” and was fixed by correcting “a certificate validation issue.”

CVE-2023-41992: This is a kernel-level privilege escalation hole that was fixed “with improved checks.” This can be abused by rogue applications and users to gain the necessary privileges to take full control of a device.

CVE-2023-41993: Apple said “processing web content may lead to arbitrary code execution,” which again was addressed “with improved checks.” A maliciously crafted webpage could exploit this when someone browses that page on a vulnerable device. We could see these bugs being chained together: a webpage could inject code that elevates its privileges to kernel level to take over a system, for instance.

Each bug, according to Apple, “may have been actively exploited against versions of iOS before iOS 16.7.” However, due to the way the iGiant’s various products share various bits of the same code, it’s not just iPhones and iOS that are vulnerable: other Apple gear is affected and ought to be patched so that further exploitation is prevented.

Here’s what’s affected by the above flaws that Apple is willing to patch up:

macOS Monterey 12.7: CVE-2023-41992

macOS Ventura 13.6: CVE-2023-41991 and CVE-2023-41992

watchOS 9.6.3: CVE-2023-41991 and CVE-2023-41992 (affecting Apple Watch Series 4 and later)

watchOS 10.0.1: CVE-2023-41991 and CVE-2023-41992 (affecting Apple Watch Series 4 and later)

iOS 16.7 and iPadOS 16.7: CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993 (affecting iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later)

iOS 17.0.1 and iPadOS 17.0.1: CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993 (affecting iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later)

Safari 16.6.1: CVE-2023-41993 (affecting macOS Big Sur and Monterey)
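For anyone triaging a fleet against the list above, here is an added example (not from the original article or from Apple) that reports which of the three CVEs remain open for a given product and installed version. The hostnames and installed versions in the sample inventory are constructed, and release branches the list does not mention are reported as not covered rather than guessed at.

```python
import re

ALL3 = {"CVE-2023-41991", "CVE-2023-41992", "CVE-2023-41993"}
SIG_AND_KERNEL = {"CVE-2023-41991", "CVE-2023-41992"}

# (product, major branch) -> (first fixed release, CVEs it closes), per the list above.
FIXED = {
    ("macos", 12): ("12.7", {"CVE-2023-41992"}),
    ("macos", 13): ("13.6", SIG_AND_KERNEL),
    ("watchos", 9): ("9.6.3", SIG_AND_KERNEL),
    ("watchos", 10): ("10.0.1", SIG_AND_KERNEL),
    ("ios", 16): ("16.7", ALL3),
    ("ios", 17): ("17.0.1", ALL3),
    ("ipados", 16): ("16.7", ALL3),
    ("ipados", 17): ("17.0.1", ALL3),
    ("safari", 16): ("16.6.1", {"CVE-2023-41993"}),
}

def parse_version(text):
    """'16.7' -> (16, 7, 0). Padding makes '16.7' and '16.7.0' compare equal."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def outstanding_cves(product, version):
    """Sorted CVEs still open on this install, [] if patched,
    or None when the list above names no fix for that release branch."""
    installed = parse_version(version)
    entry = FIXED.get((product.lower(), installed[0]))
    if entry is None:
        return None
    fixed_in, cves = entry
    return [] if installed >= parse_version(fixed_in) else sorted(cves)

# Constructed sample inventory (hostnames and installed versions are made up).
INVENTORY = [
    ("exec-iphone", "iOS", "16.6.1"),
    ("lab-ipad", "iPadOS", "17.0.1"),
    ("build-mac", "macOS", "13.5.2"),
    ("old-mac", "macOS", "12.7"),
    ("watch-7", "watchOS", "10.0"),
    ("kiosk", "iOS", "15.7.9"),
]

def triage(inventory):
    """Map each host to its open CVEs (None if the branch is not covered)."""
    return {host: outstanding_cves(prod, ver) for host, prod, ver in inventory}

if __name__ == "__main__":
    for host, open_cves in triage(INVENTORY).items():
        if open_cves is None:
            print(f"{host}: branch not in the list, check separately")
        elif open_cves:
            print(f"{host}: UPDATE NEEDED, open: {', '.join(open_cves)}")
        else:
            print(f"{host}: patched")
```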

Those security holes were, Apple said, found and privately reported to the Mac giant by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School in Canada, and by Maddie Stone of Google’s Threat Analysis Group (TAG).

We asked Google and Citizen Lab for more information about potential or actual exploitation of these bugs, such as how people’s devices are being attacked.

Just as we were writing up this article, Google got back to us with this advisory by Stone, who said Intellexa’s Predator snoopware abused the bugs on iOS to infect at least one iPhone.

According to the Googler, the web giant and Citizen Lab – which are both openly concerned about commercial spyware – discovered and reported evidence of this exploitation last week to Apple to address.

We’re told that if a customer of Intellexa wished to target a netizen for surveillance, that target’s non-secure HTTP traffic would be somehow intercepted in a man-in-the-middle attack so that their iPhone’s Safari browser would be silently redirected to servers operated by the spyware’s vendor. If the visitor was determined to be the desired target, those servers would then return pages that would exploit CVE-2023-41993 in the iPhone’s browser to achieve remote code execution.

Then CVE-2023-41991 would be used to bypass pointer authentication code (PAC) protections, which use cryptographic signatures in the upper bits of memory pointers to thwart certain kinds of exploits. We’re promised a detailed write-up later from Google if you’re interested in how that works.

Finally, CVE-2023-41992 would be used to gain execution within the OS kernel, and a small payload would be run to check again that the target is the correct one and, if so, bring in the main Predator executable. That executable would then have full run of the phone, allowing it to steal data and snoop on the user for Intellexa’s client.

Intellexa was added to the US entity list in July as a national security threat, making it hard for the European biz to do business with America and its allies.

“This campaign is yet another example of the abuses caused by the proliferation of commercial surveillance vendors and their serious risk to the safety of online users,” Stone wrote today.

“TAG will continue to take action against, and publish research about, the commercial spyware industry, as well as work across the public and private sectors to push this work forward.

“We would like to acknowledge and thank The Citizen Lab for their collaboration and partnership in the capturing and analysis of these exploits, and Apple for deploying a timely patch for the safety of online users.”

She also urged people to use secure HTTPS rather than insecure HTTP where possible, as that would help prevent the aforementioned redirects.

That’s not all, as Stone revealed that Google had also noticed someone installing Predator “on Android devices in Egypt” using an exploit chain. One bug in that chain was CVE-2023-4762, a flaw in Chrome that was patched on September 5 – following a separate bug report from a researcher – and had been earlier used by Predator as a zero-day.

Finally, from Apple there is a security-level update for iOS 17.0.2 for iPhone 15 that has no details or CVEs assigned to it. ®

Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2023/09/22/apple_emergency_patches/
