Apple Security Advisory 10-28-2024-2 - iOS 17.7.1 and iPadOS 17.7.1 addresses buffer overflow, information leakage, and out of bounds read vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-10-28-2024-2 iOS 17.7.1 and iPadOS 17.7.1iOS 17.7.1 and iPadOS 17.7.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/121567.Apple maintains a Security Releases page athttps://support.apple.com/100100 which lists recentsoftware updates with security advisories.AccessibilityAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker with physical access to a locked device may be ableto view sensitive user informationDescription: The issue was addressed with improved authentication.CVE-2024-44274: Rizki Maulana (rmrizki.my.id), Matthew Butler, JakeDerouinCoreTextAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted font may result in thedisclosure of process memoryDescription: The issue was addressed with improved checks.CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeCVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeFoundationAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Parsing a file may lead to disclosure of user informationDescription: An out-of-bounds read was addressed with improved inputvalidation.CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing an image may result in disclosure of process memoryDescription: This issue was addressed with improved checks.CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day InitiativeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted message may lead to a denial-of-serviceDescription: The issue was addressed with improved bounds checks.CVE-2024-44297: Jex AmroKernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to leak sensitive kernel stateDescription: An information disclosure issue was addressed with improvedprivate data redaction for log entries.CVE-2024-44239: Mateusz Krzywicki (@krzywix)Managed ConfigurationAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Restoring a maliciously crafted backup file may lead tomodification of protected system filesDescription: This issue was addressed with improved handling ofsymlinks.CVE-2024-44258: Hichem Maloufi, Christian Mina, Ismail AmzdakMobileBackupAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Restoring a maliciously crafted backup file may lead tomodification of protected system filesDescription: A logic issue was addressed with improved file handling.CVE-2024-44252: Nimrat Khalsa, Davis Dai, James Gill(@jjtech@infosec.exchange)SafariAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Maliciously crafted web content may violate iframe sandboxingpolicyDescription: A custom URL scheme handling issue was addressed withimproved input validation.CVE-2024-44155: Narendra Bhati, Manager of Cyber Security at Suma SoftPvt. Ltd, Pune (India)Safari DownloadsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker may be able to misuse a trust relationship todownload malicious contentDescription: This issue was addressed through improved state management.CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma SoftPvt. Ltd, Pune (India)SceneKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted file may lead to unexpected appterminationDescription: A buffer overflow was addressed with improved sizevalidation.CVE-2024-44144: 냥냥SceneKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted file may lead to heapcorruptionDescription: This issue was addressed with improved checks.CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero DayInitiativeShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: A malicious app may use shortcuts to access restricted filesDescription: A logic issue was addressed with improved checks.CVE-2024-44269: an anonymous researcherSiriAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: A sandboxed app may be able to access sensitive user data insystem logsDescription: An information disclosure issue was addressed with improvedprivate data redaction for log entries.CVE-2024-44278: Kirin (@Pwnrin)VoiceOverAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker may be able to view restricted content from the lockscreenDescription: This issue was addressed by restricting options offered ona locked device.CVE-2024-44261: Braylon (@softwarescool)WebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing maliciously crafted web content may prevent ContentSecurity Policy from being enforcedDescription: The issue was addressed with improved checks.WebKit Bugzilla: 278765CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma SoftPvt. Ltd, Pune (India)Additional recognitionSecurityWe would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai ofAlibaba Group for their assistance.SpotlightWe would like to acknowledge Paulo Henrique Batista Rosa de Castro(@paulohbrc) for their assistance.WebKitWe would like to acknowledge Eli Grey (eligrey.com) for theirassistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/iTunes and Software Update on the device will automatically checkApple's update server on its weekly schedule. When an update isdetected, it is downloaded and the option to be installed ispresented to the user when the iOS device is docked. We recommendapplying the update immediately if possible. SelectingDon't Install will present the option the next time you connectyour iOS device.The automatic update process may take up to a week depending onthe day that iTunes or the device checks for updates. You maymanually obtain the update via the Check for Updates buttonwithin iTunes, or the Software Update on your device.To check that the iPhone, iPod touch, or iPad has been updated:* Navigate to Settings* Select General* Select About. The version after applying this update will be"iOS 17.7.1 and iPadOS 17.7.1".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/100100.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/ygACgkQX+5d1TXaIvp70A//T4cT9o2AwfLjB9L//65uQu1OEDEoX/dzeVg+V8TDPtTrWCQPhum7J0Djm133fcAFJKoAe65cc3u9C5LH1sNqR9LkMyHVDLavL5cFZRgyHKBJ6JR0AGRRBP6GzGHeU/O5xT7yrJHl31EGODyezzTb+0P5TJ7pCY7SmJNRjrQV0Vhhk87c5bp6dBQavXIIQNKxJU4Z1jPX3XhKaNQ+UwJONWcDMiDLsuuILsZ5bd1DEfviUiw28NmhLSXFcrQjk5qh0/Cago8EYSs/m6geHrLQk+clT1g5UpVBncSyJAY76iUzzrPfgp8lS8mOQztYw5VV9eR+qxpLlJEmROZRg2bOsIMRygmCaA3Z1Eh4sq00jMpS7V7M0BHKBoeRbw2I0asAc0emU1ap/xH4vHGSHEwoPGl36Wl12p3KXNhWIQ3t7jLkQRkq+hvAi9YucBWd84xEq1tbJEImNifiqc4Xe83+QlZfSDmNkavfpxYEKfiojtn2mFQu2FypkZz7+Avrk3F1iY/FFzZqzjr3rOc+tGxHlPPj7lLsjfGRu5iiifC/3H9oRQ6C6KVxS/zDNnaHZDxQkUFOCCOxtSWeCq8ajKyM5wLdqGKRjWS57rwxJM5qxwfWVe/Z76mkSnNm4UnyPu1zHT3vmwXS7uhmkkL+nV3OncIhqF0dGc+abYlSGbFi+rs==+rNo-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-2

Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-10-28-2024-1 iOS 18.1 and iPadOS 18.1iOS 18.1 and iPadOS 18.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/121563.Apple maintains a Security Releases page athttps://support.apple.com/100100 which lists recentsoftware updates with security advisories.AccessibilityAvailable for: iPhone XS and laterImpact: An attacker with physical access to a locked device may be ableto view sensitive user informationDescription: The issue was addressed with improved authentication.CVE-2024-44274: Rizki Maulana (rmrizki.my.id), Matthew Butler, JakeDerouinApp SupportAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: A malicious app may be able to run arbitrary shortcuts withoutuser consentDescription: A path handling issue was addressed with improved logic.CVE-2024-44255: an anonymous researcherCoreMedia PlaybackAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: A malicious app may be able to access private informationDescription: This issue was addressed with improved handling ofsymlinks.CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine LabCoreTextAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing a maliciously crafted font may result in thedisclosure of process memoryDescription: The issue was addressed with improved checks.CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeCVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeFoundationAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Parsing a file may lead to disclosure of user informationDescription: An out-of-bounds read was addressed with improved inputvalidation.CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero DayInitiativeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing an image may result in disclosure of process memoryDescription: This issue was addressed with improved checks.CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day InitiativeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing a maliciously crafted message may lead to a denial-of-serviceDescription: The issue was addressed with improved bounds checks.CVE-2024-44297: Jex AmroIOSurfaceAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to cause unexpected system termination orcorrupt kernel memoryDescription: A use-after-free issue was addressed with improved memorymanagement.CVE-2024-44285: an anonymous researcheriTunesAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: A remote attacker may be able to break out of Web ContentsandboxDescription: A custom URL scheme handling issue was addressed withimproved input validation.CVE-2024-40867: Ziyi Zhou (@Shanghai Jiao Tong University), Tianxiao Hou(@Shanghai Jiao Tong University)KernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to leak sensitive kernel stateDescription: An information disclosure issue was addressed with improvedprivate data redaction for log entries.CVE-2024-44239: Mateusz Krzywicki (@krzywix)Managed ConfigurationAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Restoring a maliciously crafted backup file may lead tomodification of protected system filesDescription: This issue was addressed with improved handling ofsymlinks.CVE-2024-44258: Hichem Maloufi, Christian Mina, Ismail AmzdakMobileBackupAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Restoring a maliciously crafted backup file may lead tomodification of protected system filesDescription: A logic issue was addressed with improved file handling.CVE-2024-44252: Nimrat Khalsa, Davis Dai, James Gill(@jjtech@infosec.exchange)Pro ResAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to cause unexpected system termination orcorrupt kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2024-44277: an anonymous researcher and Yinyi Wu(@_3ndy1) from DawnSecurity Lab of JD.com, Inc.Safari DownloadsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An attacker may be able to misuse a trust relationship todownload malicious contentDescription: This issue was addressed through improved state management.CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma SoftPvt. Ltd, Pune (India)Safari Private BrowsingAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Private browsing may leak some browsing historyDescription: An information leakage was addressed with additionalvalidation.CVE-2024-44229: Lucas Di TomaseSceneKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing a maliciously crafted file may lead to heapcorruptionDescription: This issue was addressed with improved checks.CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero DayInitiativeShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2024-44254: Kirin (@Pwnrin)ShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: A malicious app may use shortcuts to access restricted filesDescription: A logic issue was addressed with improved checks.CVE-2024-44269: an anonymous researcherSiriAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)SiriAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An attacker with physical access may be able to access contactphotos from the lock screenDescription: This issue was addressed by restricting options offered ona locked device.CVE-2024-40851: Abhay Kailasia (@abhay_kailasia) of Lakshmi NarainCollege of Technology Bhopal India, Srijan PoudelSiriAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An app may be able to access user-sensitive dataDescription: A logic issue was addressed with improved state management.CVE-2024-44263: Kirin (@Pwnrin) and 7feileeSiriAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: A sandboxed app may be able to access sensitive user data insystem logsDescription: An information disclosure issue was addressed with improvedprivate data redaction for log entries.CVE-2024-44278: Kirin (@Pwnrin)SpotlightAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An attacker may be able to view restricted content from the lockscreenDescription: This issue was addressed through improved state management.CVE-2024-44251: Abhay Kailasia (@abhay_kailasia) of Lakshmi NarainCollege of Technology Bhopal IndiaSpotlightAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An attacker may be able to view restricted content from the lockscreenDescription: The issue was addressed with improved checks.CVE-2024-44235: Rizki Maulana (rmrizki.my.id), Dalibor Milanovic,Richard Hyunho Im (@richeeta) with Route Zero SecurityVoiceOverAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: An attacker may be able to view restricted content from the lockscreenDescription: This issue was addressed by restricting options offered ona locked device.CVE-2024-44261: Braylon (@softwarescool)WebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing maliciously crafted web content may prevent ContentSecurity Policy from being enforcedDescription: The issue was addressed with improved checks.WebKit Bugzilla: 278765CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma SoftPvt. Ltd, Pune (India)WebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch3rd generation and later, iPad Pro 11-inch 1st generation and later,iPad Air 3rd generation and later, iPad 7th generation and later, andiPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to anunexpected process crashDescription: A memory corruption issue was addressed with improved inputvalidation.WebKit Bugzilla: 279780CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer(@p1umer)Additional recognitionAccessibilityWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal India, Chi Yuan Chang of ZUSO ARTand taikosoup for their assistance.App StoreWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal India, Chi Yuan Chang of ZUSO ARTand taikosoup for their assistance.CalculatorWe would like to acknowledge Kenneth Chew for their assistance.CalendarWe would like to acknowledge  K宝(@Pwnrin) for their assistance.CameraWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal India for their assistance.FilesWe would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup,Christian Scalese for their assistance.ImageIOWe would like to acknowledge Amir Bazine and Karsten König ofCrowdStrike Counter Adversary Operations, an anonymous researcher fortheir assistance.MessagesWe would like to acknowledge Collin Potter, an anonymous researcher fortheir assistance.NetworkExtensionWe would like to acknowledge Patrick Wardle of DoubleYou & theObjective-See Foundation for their assistance.Personalization ServicesWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal India, Bistrit Dahal for theirassistance.PhotosWe would like to acknowledge James Robertson, Kamil Bourouiba for theirassistance.Safari Private BrowsingWe would like to acknowledge an anonymous researcher, r00tdaddy fortheir assistance.Safari TabsWe would like to acknowledge Jaydev Ahire for their assistance.SecurityWe would like to acknowledge Bing Shi, Wenchao Li and Xiaolong Bai ofAlibaba Group for their assistance.SettingsWe would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup,JS for their assistance.SiriWe would like to acknowledge Bistrit Dahal for their assistance.SpotlightWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) from LNCTBhopal and C-DAC Thiruvananthapuram India for their assistance.Time ZoneWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal India and Siddharth Choubey fortheir assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/iTunes and Software Update on the device will automatically checkApple's update server on its weekly schedule. When an update isdetected, it is downloaded and the option to be installed ispresented to the user when the iOS device is docked. We recommendapplying the update immediately if possible. SelectingDon't Install will present the option the next time you connectyour iOS device.The automatic update process may take up to a week depending onthe day that iTunes or the device checks for updates. You maymanually obtain the update via the Check for Updates buttonwithin iTunes, or the Software Update on your device.To check that the iPhone, iPod touch, or iPad has been updated:* Navigate to Settings* Select General* Select About. The version after applying this update will be"iOS 18.1 and iPadOS 18.1".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/100100.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmcf/dUACgkQX+5d1TXaIvqm0BAApx/I4XTM2+r/UgcEZEbgh0EpJ1eAh4YUjhhfju7hcytJK5hFtXAWoOr8n9ZBIWz2ulzpXnjFkP6NySC6gyPPeF0Mb3TjWcUz9HaSwbscaLaHQOMSHs5+g6npuJreJ0oC3HS1YQiBAuHcjgg/v9QWqP33osue2gF40ywGTfmjIQp1W8Pgm9iUIIiV2whN5M0UWUg4ioxkCI5wol9cE6HYsD38u45RuqkBNa1DEOta4rpHK8t+Tku7nqKP0aH3EPyahxvW5mTG1f0M5yesYrf5xA7XCnwelvHLan+FmtxiCCtlzAyrIeDrut27oBJNN9ypoMC0h9wz8lNw2Z8r/8OzSGBhmQOaIFs3aFDck2k/itvaYscCIZp1hwcU3sQ14mygrxJQCzRJt2P0WNZDQEN3z8qTMfPa22w+0CfjzavCeqJBUAPcz9lVLqzs6wrssaK/MbKA1MleFY1UcfxEPKr2jJ/c1zwxG32OsHowHyYhcrWlURIQO3onCdcDY664cEelaOlm+PkDUY+AWOOOTGB/UpV7JzRFl6oG6VqFFyigd7ukYnZ6R6gRwmhzF13x3VrrynWuQfuuc5nFNI+6K19tjqX6O9p+5bUcK5Pmrs3EglWd3OLIauWLcy4oJGe0KeD70kWoXDCwHFzTQl3MwdMmxAJomsjEUre1ghUifCc/vDs==1SoX-----END PGP SIGNATURE-----

Apple Security Advisory 10-28-2024-1

Apple has issued patches for several of its operating systems. The ones for iOS and iPadOS deserve your immediate attention.

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS and watchOS.

Especially important are the updates for iOS and iPadOS which tackle vulnerabilities which could potentially leak sensitive user information. You should make sure you update as soon as you can.

To check if you’re using the latest software version, go to **Settings > General > Software Update**. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

Update options

**Technical details**

Noteworthy are four vulnerabilities in Siri and another vulnerability in Accessibility which would allow an attacker with physical access to view sensitive user information. This may not seem very urgent at first, but if your device gets stolen then the thief can learn things about you which is far from ideal.

These are some of the vulnerabilities that jumped out at us.

CVE-2024-44274: a vulnerability in Accessibility that could allow an attacker with physical access to a locked device to view sensitive user information. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1 with improved authentication.

CVE-2024-44282: a vulnerability in Foundation where parsing a file could lead to disclosure of user information. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1 by improved input validation. Foundation serves as a fundamental framework that offers a base layer of functionality for Apple’s operating systems. Among others it’s responsible for file system access.

CVE-2024-40867: a vulnerability in iTunes caused by a custom URL scheme handling issue that could be used by an attacker to break out of Web Content sandbox. This issue is fixed in iOS 18.1 and iPadOS 18.1 by improved input validation. Breaking out of the Web Content sandbox allows a malicious website or attacker to potentially access sensitive data, control other parts of the system, and compromise the overall security of the device beyond the intended limitations of the web browser.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities 

Find the best VPN for streaming with essential features like high-speed servers, strong encryption, streaming optimization, and broad…

Find the best VPN for streaming with essential features like high-speed servers, strong encryption, streaming optimization, and broad device compatibility. Enjoy seamless access to geo-restricted content securely.

Some geo-restricted content can only be unlocked and streamed using a Virtual Private Network (VPN). A VPN for streaming services allows you to watch content seamlessly while protecting your online identity.

With so many VPNs available, not all perform equally, making it challenging to find the best VPNs without interruptions. In this article, we’ll break down essential features to consider when selecting the top VPNs for streaming.

**Server Locations and Coverage**

An important feature in a streaming VPN is server locations and coverage, which determine the content you can access. Choose a VPN with a wide range of high-speed servers to prevent connectivity issues. A strong network spread across multiple countries will allow access to geo-restricted content. Look for VPN providers that frequently update servers, as this indicates a commitment to maintaining quality.

**Speed and Bandwidth**

To support HD streaming, ensure your VPN offers speeds of at least 100 Mbps, with no bandwidth limits or throttling. A VPN optimized for streaming should minimize buffering and reduce latency for smoother content loading.

****Encryption and Security****

When choosing a VPN for streaming, prioritize strong encryption and security. Look for AES-256 encryption or higher, and support for OpenVPN, IKEv2, and WireGuard protocols. The VPN should also include DNS leak protection to keep your IP address secure. If the VPN connection drops, an automatic internet disconnect feature ensures data remains private. These protections ensure that your data will not be exposed to third parties.

****Streaming Optimization****

Streaming optimization is key. The VPN should be optimized for high-speed, low-latency streaming, with custom protocols tailored to this purpose. Look for features that automatically select the best server for streaming, reducing buffering and enhancing speed.

****Device Compatibility****

Your VPN should support all the devices you plan to connect, including Windows, macOS, iOS, Android, and Linux. Look for compatibility with smart TVs (such as Samsung TV, Android TV, and Apple TV) and gaming consoles (PlayStation, Xbox, Nintendo Switch). It should also work with popular streaming platforms like Roku, Chromecast, and Amazon Fire TV. Browser extensions for Chrome, Firefox, and Safari add versatility, making it easier to stream across multiple devices.

****Simultaneous Connections****

Choose a VPN that supports at least five simultaneous connections. This feature lets you connect multiple devices without altering individual settings, which is convenient for families or business use. Check the VPN documentation for setup guides and confirm compatibility with less common devices like Linux and Chromebook. Additionally, look for split tunneling to configure specific device connections.

****Customer Support****

Reliable customer support is essential when using a VPN for streaming. Quick access to assistance for any issues or questions is critical. Look for providers that offer guides, FAQs, and tutorials for self-help, and a prompt email response time (ideally within 3 hours). Social media support is a plus. Effective customer support indicates a provider’s commitment to user satisfaction and technical support.

****Pricing and Payment Options****

Consider affordability and payment flexibility. Some VPNs offer discounts for long-term plans, free trials, money-back guarantees, and even cryptocurrency options. Make sure you’re getting value for your investment and review refund policies carefully. Look out for hidden fees or sudden price hikes, and ensure pricing transparency before subscribing.

****Logging Policy****

Opt for a VPN with a strict no-logs policy. It should avoid storing IP addresses, tracking online activities, or saving connection metadata. This policy helps ensure your privacy, reduces data breach risks, and underscores the VPN’s commitment to protecting client data.

****Compatibility with Popular Streaming Services****

Ensure the VPN is compatible with major streaming platforms you want to access, such as Netflix, Disney+, Hulu, Amazon Prime Video, HBO Max, and BBC iPlayer. Compatibility with these services ensures a smooth streaming experience and value for your subscription.

****Conclusion****

When selecting a VPN for streaming, consider these key features to make an informed choice. Look for speed, encryption, extensive server locations, streaming optimization, and privacy protections. Ensure the VPN provider doesn’t store user data and that its pricing, support, and device compatibility meet your expectations. Taking these steps will give you the best streaming experience while maintaining your online privacy.

1.  **Everything you need to know about VPN tracking**
2.  **Almost Every Major Free VPN Service is a Glorified Data Farm**
3.  **Surfshark VPN Data Breach Awareness with See-Through Toilet**
4.  **ASUS and NordVPN Partner to Integrate VPN Service into Routers**
5.  **Google Launches Verification Badges for Security Tested VPN Apps**

Top VPN Features to Consider When Choosing the Right Streaming Service

Apple unveils ‘Apple Intelligence’ for iPhone, iPad, and Mac devices while offering a $1 million bug bounty for…

Apple unveils ‘Apple Intelligence’ for iPhone, iPad, and Mac devices while offering a $1 million bug bounty for cybersecurity experts to find flaws in its Private Cloud Compute servers, enhancing privacy and AI security on iOS and macOS.

Apple today unveiled its highly anticipated AI-powered service, Apple Intelligence for iPhone, iPad, and Mac. This service, set to arrive with iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1, combines on-device processing with powerful cloud-based computing to handle complex AI tasks.

A preview of writing tools powered by Apple Intelligence

To ensure the security of these cloud-based systems, Apple has introduced a comprehensive bug bounty program. The tech giant is offering a reward of up to $1 million to security researchers who can successfully identify and exploit vulnerabilities in its “Private Cloud Compute” servers.

These servers, specifically designed for Apple Intelligence, are responsible for processing intensive AI tasks that cannot be handled by individual devices. This initiative is designed to strengthen the security of the Private Cloud Compute (PCC) servers that will underpin this service. The PCC servers, which will handle certain AI-powered tasks, are a critical component of Apple Intelligence. 

“We believe Private Cloud Compute is the most advanced security architecture ever deployed for cloud AI compute at scale, and we look forward to working with the research community to build trust in the system and make it even more secure and private over time,” Apple stated in its official statement.

Apple has taken significant steps to prioritize user privacy and security. To further strengthen trust, Apple has also opened up a Virtual Research Environment (VRE) to researchers and security enthusiasts.

The VRE provides access to the PCC software, allowing individuals to scrutinize its code and identify potential vulnerabilities. This allows them to scrutinize the system’s security measures and identify potential weaknesses.

The iPhone maker has also published a comprehensive security guide, detailing the intricacies of PCC’s security architecture and how it protects user data. This guide, coupled with the VRE, provides a robust platform for security researchers to delve deep into the system and uncover potential weaknesses.

The program offers a range of rewards, including $50,000 for accidental or unexpected data disclosure, $100,000 for uncertified code execution, $150,000 for access to user request data or sensitive information outside the trust boundary, and $250,000.

Additionally, $1,000 for arbitrary code execution without user permission or knowledge. Apple also promises to consider awarding money for any security issue that significantly impacts PCC, even if it doesn’t match a published category. 

By offering a substantial reward for critical vulnerabilities, Apple is encouraging the global cybersecurity community to contribute to the security of its AI infrastructure. The company is particularly interested in vulnerabilities that could compromise user data, execute code without permission, or exploit system design flaws.

By inviting the security community to scrutinize its infrastructure, Apple is also showing a commitment to transparency and security. To learn more about Apple Bug Bounty Program visit this link.

1.  Google Launches $250,000 kvmCTF Bug Bounty Program
2.  OpenAI Launches $200 to $20k ChatGPT Bug Bounty Program
3.  When Ethical Hackers Saved Companies from Devastating Hacks
4.  Multichain hack: Hacker returns $1m, keeps $150k as bug bounty
5.  A 19-year-old ethical hacker is a millionaire now; thanks to his skills

Apple Launches ‘Apple Intelligence’ and Offers $1M Bug Bounty for Security

LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique.

Source: Igor Stevanovic via Alamy Stock Photo

A new prompt-injection technique could allow anyone to bypass the safety guardrails in OpenAI's most advanced language learning model (LLM).

GPT-4o, released May 13, is faster, more efficient, and more multifunctional than any of the previous models underpinning ChatGPT. It can process multiple different forms of input data in dozens of languages, then spit out a response in milliseconds. It can engage in real-time conversations, analyze live camera feeds, and maintain an understanding of context over extended conversations with users. When it comes to user-generated content management, however, GPT-4o is in some ways still archaic.

Marco Figueroa, generative AI (GenAI) bug-bounty programs manager at Mozilla, demonstrated in a new report how bad actors can leverage the power of GPT-4o while skipping over its guardrails. The key is to essentially distract the model by encoding malicious instructions in an unorthodox format, and spread them out in distinct steps.

**Tricking ChatGPT Into Writing Exploit Code**

To prevent malicious abuse, GPT-4o analyzes user inputs for any signs of bad language, instructions with ill intent, etc.

But at the end of the day, Figueroa says, "It's just word filters. That's what I've seen through experience, and we know exactly how to bypass these filters."

For example, he says, "We can modify how something's spelled out — break it up in certain ways — and the LLM interprets it." GPT-4o might not reject a malicious instruction if it's presented with a spelling or phrasing that doesn't accord with typical natural language.

Figuring out the exact right way to present information in order to dupe state-of-the-art AI, though, requires lots of creative brain power. It turns out that there's a much simpler method for bypassing GPT-4o's content filtering: encoding instructions in a format other than natural language.

To demonstrate, Figueroa arranged an experiment with the goal of getting ChatGPT to do something it otherwise shouldn't: write exploit code for a software vulnerability. He picked CVE-2024-41110, a bypass for authorization plug-ins in Docker that earned a "critical" 9.9 out of 10 rating in the Common Vulnerability Scoring System (CVSS) this summer.

To trick the model, he encoded his malicious input in hexadecimal format, and provided a set of instructions for decoding it. GPT-4o took that input — a long series of digits and letters A through F — and followed those instructions, ultimately decoding the message as an instruction to research CVE-2024-41110 and write a Python exploit for it. To make it less likely that the program would make a fuss over that instruction, he used some leet speak, asking for an "3xploit," instead of an "exploit."

Source: Mozilla

In a minute flat, ChatGPT generated a working exploit similar to, but not exactly like, another PoC already published to GitHub. Then, as a bonus, it attempted to execute the code against itself. "There wasn't any instruction that specifically said to execute it. I just wanted to print it out. I didn't even know why it went ahead and did that," Figueroa says.

**What's Missing in GPT-4o?**

It's not just that GPT-4o is getting distracted by decoding, according to Figueroa, but that it's in some sense missing the forest for the trees — a phenomenon that has been documented in other prompt-injection techniques lately.

"The language model is designed to follow instructions step-by-step, but lacks deep context awareness to evaluate the safety of each individual step in the broader context of its ultimate goal," he wrote in the report. The model analyzes each input — which, on its own, doesn't immediately read as harmful — but not what the inputs produce in sum. Rather than stop and think about how instruction one bears on instruction two, it just charges ahead.

"This compartmentalized execution of tasks allows attackers to exploit the model's efficiency at following instructions without deeper analysis of the overall outcome," according to Figueroa.

If this is the case, ChatGPT will not only need to improve how it handles encoded information but also develop a kind of broader context around instructions split into distinct steps.

To Figueroa, though, OpenAI appears to have been valuing innovation at the cost of security when developing its programs. "To me, they don't care. It just feels like that," he says. By contrast, he's had much more trouble trying the same jailbreaking tactics against models by Anthropic, another prominent AI company founded by former OpenAI employees. "Anthropic has the strongest security because they have built both a prompt firewall \[for analyzing inputs\] and response filter \[for analyzing outputs\], so this becomes 10 times more difficult," he explains.

Dark Reading is awaiting comment from OpenAI on this story.

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Mozilla: ChatGPT Can Be Manipulated Using Hex Code

Plus: Apple offers $1 million to hack its AI cloud infrastructure, Iranian hackers successfully peddle stolen Trump campaign docs, Russia hacks the nation of Georgia, and a “cyberattack” that wasn’t.

The Chinese spy operation adds to the growing sense of a melee of foreign digital interference in the election, which has already included Iranian hackers’ attempt to hack and leak emails from the Trump campaign—with limited success—and Russia-linked disinformation efforts across social media.

**Apple Releases Security Research Tools for Private Cloud Compute**

Ahead of the full launch next week of Apple’s AI platform, Apple Intelligence, the company debuted tools this week for security researchers to evaluate its cloud infrastructure known as Private Cloud Compute. Apple has gone to great lengths to engineer a secure and private AI cloud platform, and this week’s release includes extensive detailed technical documentation of its security features as well as a research environment that is already available in the macOS Sequoia 15.1 beta release. The testing features allow researchers (or anyone) to download and evaluate the actual version of PCC software that Apple is running in the cloud at a given time. The company tells WIRED that the only modifications to the software relate to optimizing it to run in the virtual machine for the research environment. Apple also released the PCC source code and said that as part of its bug bounty program, vulnerabilities that researchers discover in PCC will be eligible for a maximum bounty payout of up to $1 million.

**Iranian Hackers Found Takers for Their Stolen Trump Emails**

Over the summer, Politico, The New York Times, and The Washington Post each revealed that they’d been approached by a source offering hacked Trump campaign emails—a source whom the US Justice Department says was working on behalf of the Iranian government. The news outlets all refused to publish or report on those stolen materials. Now it appears that Iran’s hackers did eventually find outlets outside the mainstream media that were willing to release those emails. American Muckrakers, a PAC run by a Democratic operative, did publish the documents after soliciting them in a public post on X, writing, “Send it to us and we'll get it out.”

American Muckrakers then published internal Trump campaign communications about North Carolina Republican gubernatorial candidate Mark Robinson and Florida Republican representative Anna Paulina Luna, as well as material that seemed to suggest a financial arrangement between Donald Trump and Robert F. Kennedy Jr., the third-party candidate who dropped out of the race and endorsed Trump. Independent journalist Ken Klippenstein also received and published some of the hacked material, including a research profile on Trump running mate and US senator J.D. Vance that the campaign assembled when assessing him for the role. Klippenstein subsequently received a visit from the FBI, he’s said, warning him that the documents were shared as part of a foreign influence campaign. Klippenstein has defended his position, arguing that the media should not serve as "gatekeeper of what the public should know.”

**Russian Cyberspies Hacked the Entire Nation of Georgia**

As Russia has both waged war and cyberwar against Ukraine, it’s also carried out a vast campaign of hacking against another neighbor to the West with whom it’s long had a fraught relationship: Georgia. Bloomberg this week revealed ahead of the Georgian election how Russia systematically penetrated the smaller country’s infrastructure and government in a yearslong series of digital intrusion operations. From 2017 to 2020, for instance, Russia’s military intelligence agency, the GRU, hacked Georgia’s Central Election Commission (just as it did in Ukraine in 2014), multiple media organizations, and IT systems at the country’s national railway company—all in addition to the attack on Georgian TV stations that the NSA pinned on the GRU’s Sandworm unit in 2020. Meanwhile, hackers known as Turla, working for the Kremlin’s KGB successor the FSB, broke into Georgia’s Foreign Ministry and stole gigabytes of officials’ emails over months. According to Bloomberg, Russia’s hacking efforts weren’t limited to espionage, but also appeared to include preparing for disruption of Georgian infrastructure like the electric grid and oil companies in the event of an escalating conflict.

**This May Be the Worst-Ever Headline About a “Cyberattack”**

For years, cybersecurity professionals have argued about what constitutes a cyberattack. An intrusion designed to destroy data, cause disruption, or sabotage infrastructure? Yes, that’s a cyberattack. A hacker breach to steal data? No. A hack-and-leak operation or an espionage mission with a disruptive clean-up phase? Probably not, but there’s room for debate. The Jerusalem Post this week, however, achieved perhaps the clearest-cut example of calling something a cyberattack—in a headline no less—that is very clearly not: disinformation on social media. The so-called “Hezbollah cyberattack” that the news outlet reported was a collection of photos of Israeli hospitals posted by “hackers” identifying as Hezbollah supporters that suggested weapons and cash were stored underneath them and that they should be attacked. The posts seemingly came in response to the Israeli Defense Forces’ repeating similar claims about hospitals in Gaza that the IDF has bombed, as well as another more recently in Lebanon’s capital city of Beirut.

“These are NOT CYBERATTACKS,” security researcher Lukasz Olejnik, the author of the books _The Philosophy of Cybersecurity_ and _Propaganda_, wrote next to a screenshot of the Jerusalem Post headline on X. “Posting images to social media is not hacking. Such a bad take.”

Chinese Hackers Target Trump Campaign via Verizon Breach

Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations.

Source: Design Pics Inc via Alamy Stock Photo

Russia's premiere advanced persistent threat group has been phishing thousands of targets in militaries, public authorities, and enterprises.

APT29 (aka Midnight Blizzard, Nobelium, Cozy Bear) is arguably the world's most notorious threat actor. An arm of the Russian Federation's Foreign Intelligence Service (SVR), it's best known for the historic breaches of SolarWinds and the Democratic National Committee (DNC). Lately, it has breached Microsoft's codebase and political targets across Europe, Africa, and beyond.

"APT29 embodies the 'persistent' part of 'advanced persistent threat,'" says Satnam Narang, senior staff research engineer at Tenable. "It has persistently targeted organizations in the United States and Europe for years, utilizing various techniques, including spear-phishing and exploitation of vulnerabilities to gain initial access and elevate privileges. Its modus operandi is the collection of foreign intelligence, as well as maintaining persistence in compromised organizations in order to conduct future operations."

Along these same lines, the Computer Emergency Response Team of Ukraine (CERT-UA) recently discovered APT29 phishing Windows credentials from government, military, and private sector targets in Ukraine. And after comparing notes with authorities in other countries, CERT-UA found that the campaign was actually spread across "a wide geography."

That APT29 would go after sensitive credentials from geopolitically prominent and diverse organizations is no surprise, Narang notes, though he adds that "the one thing that does kind of stray from the path would be its broad targeting, versus \[its typical more\] narrowly focused attacks."

**AWS and Microsoft**

The campaign, which dates back to August, was carried out using malicious domain names designed to seem like they were associated with Amazon Web Services (AWS). The emails sent from these domains pretended to advise recipients on how to integrate AWS with Microsoft services, and how to implement zero trust architecture.

Despite the masquerade, AWS itself reported that the attackers weren't after Amazon, or its customers' AWS credentials.

What APT29 really wanted was revealed in the attachments to those emails: configuration files for Remote Desktop, Microsoft's application for implementing the Remote Desktop Protocol (RDP). RDP is a popular tool that legitimate users and hackers alike use to operate computers remotely.

"Normally, attackers will try to brute force their way into your system or exploit vulnerabilities, then have RDP configured. In this case, they're basically saying: 'We want to establish that connection \[upfront\],'" Narang says.

Launching one of these malicious attachments would have immediately triggered an outgoing RDP connection to an APT29 server. But that wasn't all: The files also contained a number of other malicious parameters, such that when a connection was made, the attacker was given access to the target computer's storage, clipboard, audio devices, network resources, printers, communication (COM) ports, and more, with the added ability to run custom malicious scripts.

**Block RDP**

APT29 may not have used any legitimate AWS domains, but Amazon still managed to interrupt the campaign by seizing the group's malicious copycats.

For potential victims, CERT-UA recommends strict precautions: not just monitoring network logs for connections to IP addresses tied to APT29 but also analyzing all outgoing connections to all IP addresses on the wider Web through the end of the month.

And for organizations at risk in the future, Narang offers simpler advice. "First and foremost, don't allow RDP files to be received. You can block them at your email gateway. That's going to kneecap this whole thing," he says.

AWS declined to provide further comment for this story. Dark Reading has also reached out to Microsoft for its perspective.

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Russia's APT29 Mimics AWS Domains to Steal Windows Credentials

Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of its offering.
PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale." With the new technology, the idea is

Cloud Security / Artificial Intelligence

Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of its offering.

PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale." With the new technology, the idea is to offload computationally complex Apple Intelligence requests to the cloud in a manner that doesn't sacrifice user privacy.

Apple said it's inviting "all security and privacy researchers — or anyone with interest and a technical curiosity — to learn more about PCC and perform their own independent verification of our claims."

To further incentivize research, the iPhone maker said it's expanding the Apple Security Bounty program to include PCC by offering monetary payouts ranging from $50,000 to $1,000,000 for security vulnerabilities identified in it.

This includes flaws that could allow execution of malicious code on the server, and exploits capable of extracting users' sensitive data, or information about the user's requests.

The VRE aims to offer a suite of tools to help researchers carry out their analysis of PCC from the Mac. It comes with a virtual Secure Enclave Processor (SEP) and leverages built-in macOS support for paravirtualized graphics to enable inference.

Apple also said it's making the source code associated with some components of PCC accessible via GitHub to facilitate a deeper analysis. This includes CloudAttestation, Thimble, splunkloggingd, and srd\_tools.

"We designed Private Cloud Compute as part of Apple Intelligence to take an extraordinary step forward for privacy in AI," the Cupertino-based company said. "This includes providing verifiable transparency – a unique property that sets it apart from other server-based AI approaches."

The development comes as broader research into generative artificial intelligence (AI) continues to uncover novel ways to jailbreak large language models (LLMs) and produce unintended output.

Earlier this week, Palo Alto Networks detailed a technique called Deceptive Delight that involves mixing malicious and benign queries together to trick AI chatbots into bypassing their guardrails by taking advantage of their limited "attention span."

The attack requires a minimum of two interactions, and works by first asking the chatbot to logically connect several events – including a restricted topic (e.g., how to make a bomb) – and then asking it to elaborate on the details of each event.

Researchers have also demonstrated what's called a ConfusedPilot attack, which targets Retrieval-Augmented Generation (RAG) based AI systems like Microsoft 365 Copilot by poisoning the data environment with a seemingly innocuous document containing specifically crafted strings.

"This attack allows manipulation of AI responses simply by adding malicious content to any documents the AI system might reference, potentially leading to widespread misinformation and compromised decision-making processes within the organization," Symmetry Systems said.

Separately, it has been found that it's possible to tamper with a machine learning model's computational graph to plant "codeless, surreptitious" backdoors in pre-trained models like ResNet, YOLO, and Phi-3, a technique codenamed ShadowLogic.

"Backdoors created using this technique will persist through fine-tuning, meaning foundation models can be hijacked to trigger attacker-defined behavior in any downstream application when a trigger input is received, making this attack technique a high-impact AI supply chain risk," Hidden Layer researchers Eoin Wickens, Kasimir Schulz, and Tom Bonner said.

"Unlike standard software backdoors that rely on executing malicious code, these backdoors are embedded within the very structure of the model, making them more challenging to detect and mitigate."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security

An attacker compromised one of Fortinet's most sensitive products and mopped up all kinds of reconnaissance data helpful for future mass device attacks.

Source: Thomas Kyhn via Alamy Stock Photo

An unknown threat actor has compromised Fortinet devices en masse across various industries, leaving no particular indication of what they plan to do next.

The campaign was enabled by a critical vulnerability, CVE-2024-47575, which the Cybersecurity and Infrastructure Security Agency (CISA) has just added to its Known Exploited Vulnerability (KEV) catalog. It affects Fortinet's FortiManager tool, the single, centralized console from which organizations can manage all their Fortinet brand firewalls, access points, application delivery controllers (ADCs), and email gateways. Up to 100,000 devices can be managed from a single FortiManager interface, making it an efficient tool for IT administration, and a spectacular launchpoint for cyberattacks.

According to Mandiant, a threat actor it now tracks as UNC5820 used CVE-2024-47575 to compromise more than 50 instances of FortiManager. Doing so enabled them to siphon off information about the various devices connected to those FortiManager instances, which could prove useful in follow-on attacks. To this point, however, no malicious follow-on activity has been observed.

**A Critical Vulnerability in FortiManager**

CVE-2024-47575 results from a missing authentication in the fgfmd daemon, a "critical function" that facilitates communication between FortiManager and the various Fortinet devices it manages. Using specially crafted requests, a remote, unauthenticated attacker could exploit this missing authentication to execute arbitrary code or commands in a targeted device. The centrality of the vulnerable daemon, combined with the severe effect of such an attack, have earned CVE-2024-47575 a "critical" 9.8 out of 10 score according to the Common Vulnerability Scoring System (CVSS).

“These types of exploits are some of the most coveted by attackers as little to no action is required on the part of the victim for the attacker to gain remote access," notes T. Frank Downs, senior director of proactive services at BlueVoyant. "Large-scale exploitation could enable lateral movement to other managed devices, leading to widespread network disruption and data breaches. These actions, in turn, could allow attackers to exfiltrate sensitive data from FortiManager devices, including configurations and credentials."

The unidentified threat actor UNC5820 has already halfway demonstrated what one can do with CVE-2024-47575. Beginning June 27, UNC5820 connected to multiple Fortinet devices from an IP address in Japan. Quickly, a series of important files were zipped into an archive file. These included the targeted FortiManager's build, version, and branch data, configuration files for FortiGate devices it managed, hashed passwords, and more.

Researchers identified another exploitation attempt in September, during which the attacker managed to register their own, unauthorized Fortinet device to the targeted FortiManager console.

In theory, all this data would have been useful for getting to know the target's environment, and laying the groundwork for a mean follow-on attack. "The potential damage from this vulnerability is significant, as it allows attackers to remotely execute code and access sensitive data without authentication, leading to data breaches, network disruptions, and unauthorized access to critical systems," Downs says. And yet, Mandiant has not observed evidence of any such attacks to date.

**What to Do Now**

To exploit CVE-2024-47575 in the first place, UNC5820 would have required some means to reach an organization's FortiManager device. Thus, only those exposed to the Internet are likely to have been targeted.

For organizations with exposed management consoles, Mandiant recommends immediate, thorough forensic investigations, and only allowing known devices and IPs access to FortiManager. Fortinet's FortiGuard Labs has also published further recommendations for remediation to its blog, including workarounds for cases in which an upgrade to the latest software is not possible.

In response to a request for comment from Dark Reading, Fortinet offered the following statement:

"After identifying this vulnerability (CVE-2024-47575), Fortinet promptly communicated critical information and resources to customers. This is in line with our processes and best practices for responsible disclosure to enable customers to strengthen their security posture prior to an advisory being publicly released to a broader audience, including threat actors. We also have published a corresponding public advisory (FG-IR-24-423) reiterating mitigation guidance, including a workaround and patch updates. We urge customers to follow the guidance provided to implement the workarounds and fixes and to continue tracking our advisory page for updates. We continue to coordinate with the appropriate international government agencies and industry threat organizations as part of our ongoing response."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Tag

#apple