Exploit

By MacRumors Staff

Exploit Articles

Google Chrome Material Icon 450x450

Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability

Friday February 5, 2021 2:08 am PST by
Google has released Chrome version 88.0.4324.150 with an important fix for a zero-day vulnerability in the web browser that the company says is likely to have been exploited in the wild. Google hasn't provided specific details about the heap buffer overflow memory corruption bug known as CVE-2021-21148, and says it won't do so "until a majority of users are updated with a fix." However, ZDNe...
awdl ios hack beer

iOS Wi-Fi Exploit Could Have Let Hackers Remotely Access Nearby iPhones

Wednesday December 2, 2020 1:33 am PST by
Earlier this year, Apple patched an iOS vulnerability that potentially could have allowed hackers to remotely access a nearby iPhone and gain control of the entire device. Devised by Ian Beer, a researcher at Project Zero, Google's vulnerability research team, the exploit used a vulnerability in Apple Wireless Direct Link (AWDL), Apple's proprietary mesh networking protocol that enables...
t2checkm8 1

Apple's T2 Security Chip Vulnerable to Attack Via USB-C

Tuesday October 13, 2020 9:33 am PDT by
After it was reported last week that Apple's T2 Security Chip could be vulnerable to jailbreaking, the team behind the exploit have released an extensive report and demonstration. Apple's custom-silicon T2 co-processor is present in newer Macs and handles encrypted storage and secure boot capabilities, as well as several other controller features. It appears that since the chip is based on ...
t2checkm8 1

Apple's T2 Chip Has Unpatchable Security Flaw, Claims Researcher [Updated]

Tuesday October 6, 2020 3:46 am PDT by
Intel Macs that use Apple's T2 Security Chip are vulnerable to an exploit that could allow a hacker to circumvent disk encryption, firmware passwords and the whole T2 security verification chain, according to team of software jailbreakers. Apple's custom-silicon T2 co-processor is present in newer Macs and handles encrypted storage and secure boot capabilities, as well as several other...
ipadprocamerabumps

Apple Paid Hacker $75,000 for Uncovering Zero-Day Camera Exploits in Safari

Friday April 3, 2020 4:58 am PDT by
Apple paid out $75,000 to a hacker for identifying multiple zero-day vulnerabilities in its software, some of which could be used to hijack the camera on a MacBook or an iPhone, according to Forbes. A zero-day vulnerability refers to a security hole in software that is unknown to the software developer and the public, although it may already be known by attackers who are quietly exploiting...
androidvulnerability

Android Security Flaw Let Apps Access People's Cameras for Secret Video and Audio Recordings

Tuesday November 19, 2019 12:09 pm PST by
A security flaw in Android smartphones from companies like Google and Samsung allowed malicious apps to record video, take photos, and capture audio, uploading the content to a remote server sans user permission. The vulnerability was discovered by security firm Checkmarx, and was highlighted today by Ars Technica. The flaw had the potential to leave high-value targets open to having their...
maxresdefault

Researcher Gives Apple Details of macOS Keychain Security Flaw Despite No Mac Bug Bounty Program

Monday March 4, 2019 3:10 am PST by
A German teenager who discovered a macOS Keychain security flaw last month has now shared the details with Apple, after having initially refused to hand them over because of the company's lack of a bug bounty program for the Mac. Eighteen-year-old Linus Henze dubbed the zero-day macOS vulnerability he found "KeySteal," which, as demoed in the video above, can be used to disclose all...
intel

Intel CEO Pledges Commitment to Security Following Meltdown and Spectre Vulnerabilities

Thursday January 11, 2018 3:46 pm PST by
Intel CEO Brian Krzanich today wrote an open letter to Intel customers following the "Meltdown" and "Spectre" hardware-based vulnerabilities that impact its processors. In the letter, Krzanich says that by January 15, updates will have been issued for at least 90 percent of Intel CPUs introduced in the past five years, with updates for the remainder coming at the end of January. For Apple...
C6 w vqU8AA hjw

Researchers Uncover macOS and Safari Exploits at Pwn2Own 2017

Thursday March 16, 2017 3:13 am PDT by
The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes. Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of...
maxresdefault

Security Flaw in iOS 9.3.1 Allows Access to iPhone Photos and Contacts

Tuesday April 5, 2016 3:07 am PDT by
A video surfaced online yesterday purporting to show a vulnerability in iOS 9.3.1 that allows anyone to access photos and contacts on a locked iPhone without having to enter a passcode. The YouTube video, uploaded by Jose Rodriguez and first spotted by The Daily Dot, depicts a user performing a Siri search followed by a series of relatively simple steps, one of which involves 3D Touch,...
Safari OS X

Researchers Uncover Multiple OS X and Safari Exploits at Pwn2Own 2016

Thursday March 17, 2016 1:01 pm PDT by
The sixteenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, and researchers participating in the Pwn2Own computer hacking contest have already discovered multiple vulnerabilities in OS X and the Safari web browser on the desktop. On day one of the event, independent security researcher JungHoon Lee earned $60,000 after exploiting both OS X and...
macbook air pro yosemite

OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs

Monday January 26, 2015 8:47 am PST by
Apple is readying a fix in OS X 10.10.2 for the so-called "Thunderstrike" hardware exploit targeting Macs equipped with Thunderbolt ports, iMore has learned. According to the report, Apple patched the vulnerability by making code changes in the upcoming software update that prevent a Mac's bootrom from being replaced or rolled back to a previous state in which it could be attacked.To secure...