Despite more US sanctions against spyware operators, Apple decided the cost in terms of disclosures about its own anti-spyware efforts was too great.

Source: stLegat via Alamy Stock Photo

Stopping the spread of commercial spyware is shaping up to be too big of a job even for tech titans like Apple.

The company dropped its years-long legal effort against Pegasus spyware dealer NSO Group, declining to hand over sensitive threat intelligence that it said could be used by adversaries against its own security defenses.

Pegasus spyware is a zero-click espionage malware deployed against iPhones, including that of Russian journalist Galina Timchenko, among others.

Meanwhile, international governments continue to hammer individuals and entities affiliated with commercial spyware operations with sweeping sanctions that have have little effect, leaving the digital espionage market wide open for investors, operators, and dictators around the globe.

Cupertino's brass is also encouraged by the work the US, international governments, and the tech sector at large have done to fight the rise of commercial spyware, Apple explained in its Sept. 13 motion to dismiss.

"When it filed this lawsuit nearly three years ago, Apple recognized that it would involve sharing information with third parties," Apple said. "Because of the developments since this suit was filed, proceeding forward at this time would now present too significant a risk to Apple's threat intelligence program."

Apple laid out other factors in the changed the landscape that made it increasingly dangerous for the company to release sensitive information.

First, Apple claimed that in the years since it first brought legal action against NSO Group it has continued to develop its threat intelligence to actively defend its users from threat actors. Handing over details about how Apple fights spyware to known spyware operators would be a bad idea. Apple added that NSO Group had been stingy with disclosures it made during the case's discovery process.

Further, Apple noted the commercial spyware sector has become more decentralized and that NSO Group is no longer a single actor in the cyber-espionage space; any action against the Israeli company would simply strengthen other spyware sellers as authoritarian governments pivot from Pegasus to numerous competing spyware brands.

Finally, Apple explained to the court that international governments have come around in the past three years and taken up the fight against spyware and the threat it poses to human rights around the world.

**Spyware Sanctions Aren't Working**

As if on cue, the US Department of the Treasury dropped a new round of sanctions just days later, on Sept. 16, this time against what the department calls "enablers" of the Intellexa commercial spyware consortium, identified to be behind Predator spyware. Sanctioned individuals include Felix Bitzios, Andrea Nicola Constantino Hermes Gambazzi, Merom Harpaz, Panagiota Karaoli, Artemis Artemiou, and the Aliada Group Inc.

These sanctions prohibit any US transactions with those named as well as any entities in which they own 50% or more, bar them from obtaining a US visa, and more.

But research shows sanctions have had little impact on stymieing the broader commercial spyware market. Digital eavesdropping continues to be deployed against diplomats, journalists, and ordinary citizens and vendors while intelligence gatherers have improved their ability to operate in the shadows, easily gaming sanctions and restrictions.

This past March, two individuals and five entities the US government said were associated with Predator mobile spyware operators were sanctioned as a result of Predator's network and infrastructure's spread into Botswana and the Philippines.

Nonetheless, it seems the cost of stopping spyware in the courtroom is too high even for the deepest-pocketed actors like Apple. Instead Apple said it will dig in on defense and leave offense to the feds.

"Apple has made the decision to prioritize its expert security resources and advanced threat-intelligence program to continue to stop destructive spyware through technical methods," the company said.

Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets

Apple Security Advisory 09-16-2024-10 - macOS Ventura 13.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-09-16-2024-10 macOS Ventura 13.7

macOS Ventura 13.7 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121234.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Accounts  
Available for: macOS Ventura  
Impact: An app may be able to leak sensitive user information  
Description: The issue was addressed with improved checks.  
CVE-2024-44129

App Intents  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive data logged when a  
shortcut fails to launch another app  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44182: Kirin (@Pwnrin)

AppKit  
Available for: macOS Ventura  
Impact: An unprivileged app may be able to log keystrokes in other apps  
including those using secure input mode  
Description: A logic issue was addressed with improved restrictions.  
CVE-2024-27886: Stephan Casas, an anonymous researcher

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with additional code-signing  
restrictions.  
CVE-2024-40847: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: A downgrade issue was addressed with additional code-  
signing restrictions.  
CVE-2024-40814: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed with improved checks.  
CVE-2024-44164: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A library injection issue was addressed with additional  
restrictions.  
CVE-2024-44168: Claudio Bozzato and Francesco Benvenuto of Cisco Talos

AppleMobileFileIntegrity  
Available for: macOS Ventura  
Impact: An attacker may be able to read sensitive information  
Description: A downgrade issue was addressed with additional code-  
signing restrictions.  
CVE-2024-40848: Mickey Jin (@patch1t)

Automator  
Available for: macOS Ventura  
Impact: An Automator Quick Action workflow may be able to bypass  
Gatekeeper  
Description: This issue was addressed by adding an additional prompt for  
user consent.  
CVE-2024-44128: Anton Boegler

bless  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44151: Mickey Jin (@patch1t)

Compression  
Available for: macOS Ventura  
Impact: Unpacking a maliciously crafted archive may allow an attacker to  
write arbitrary files  
Description: A race condition was addressed with improved locking.  
CVE-2024-27876: Snoolie Keffaber (@0xilis)

Dock  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed by removing sensitive data.  
CVE-2024-44177: an anonymous researcher

Game Center  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A file access issue was addressed with improved input  
validation.  
CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO  
Available for: macOS Ventura  
Impact: Processing an image may lead to a denial-of-service  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero  
Day Initiative, an anonymous researcher

Intel Graphics Driver  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted texture may lead to unexpected  
app termination  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2024-44160: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Intel Graphics Driver  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted texture may lead to unexpected  
app termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44161: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

IOSurfaceAccelerator  
Available for: macOS Ventura  
Impact: An app may be able to cause unexpected system termination  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44169: Antonio Zekić

Kernel  
Available for: macOS Ventura  
Impact: Network traffic may leak outside a VPN tunnel  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44165: Andrew Lytvynov

Mail Accounts  
Available for: macOS Ventura  
Impact: An app may be able to access information about a user's contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

Maps  
Available for: macOS Ventura  
Impact: An app may be able to read sensitive location information  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-44181: Kirin(@Pwnrin) and LFY(@secsys) from Fudan University

mDNSResponder  
Available for: macOS Ventura  
Impact: An app may be able to cause a denial-of-service  
Description: A logic error was addressed with improved error handling.  
CVE-2024-44183: Olivier Levon

Notes  
Available for: macOS Ventura  
Impact: An app may be able to overwrite arbitrary files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44167: ajajfxhj

PackageKit  
Available for: macOS Ventura  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44178: Mickey Jin (@patch1t)

Safari  
Available for: macOS Ventura  
Impact: Visiting a malicious website may lead to user interface spoofing  
Description: This issue was addressed through improved state management.  
CVE-2024-40797: Rifa'i Rejal Maynando

Sandbox  
Available for: macOS Ventura  
Impact: A malicious application may be able to access private  
information  
Description: The issue was addressed with improved checks.  
CVE-2024-44163: Zhongquan Li (@Guluisacat)

Shortcuts  
Available for: macOS Ventura  
Impact: A shortcut may output sensitive user data without consent  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44158: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Ventura  
Impact: An app may be able to observe data displayed to the user by  
Shortcuts  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSea

System Settings  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44166: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

System Settings  
Available for: macOS Ventura  
Impact: An app may be able to read arbitrary files  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2024-44190: Rodolphe BRUNETTI (@eisw0lf)

Transparency  
Available for: macOS Ventura  
Impact: An app may be able to access user-sensitive data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

Airport  
We would like to acknowledge David Dudok de Wit for their assistance.

macOS Ventura 13.7 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmboy2sACgkQX+5d1TXa  
IvoOmhAA1kPpqqhEBRbskSU4pFIfX+JY/MyIrnI+6pNgMk3CLhQ5SSx0aFS2tg/c  
We70hoiTA8eWMvRkYr8KYNriNstqCivg7iq84Gv4/ycJ9Hx4Zwj6pZh5If1H8y+Q  
3NVsvLgnmvnAb6W7MvpXtgma47vA5xRe2oefCNe6QbcC2qnQ2xaspBZtH805IkAi  
WznXdr7UXmjJyfjlgp2FifyiLYQoPXPGFOLKkBURDCxaH4SJidgvzxerU+B+1ju9  
dqW29eQwTjG+qhXncTuxfUSuQ5s7g5XfVqfvcTQihUk+ZjWaMYOaUT2UYlAgDfg5  
Mq35kP/Hvh8zmf+Ryufl3D+qfKpyVUUJUKu+kEMbOIoIMkCzM4F0G30czaKiGCA+  
tJCEtsY/oxcbEcy8DLQbesPCv5Hf1Gv2fMkP3p/6CAYqXQ1mXQF0Vm2erKRqS+yD  
N2+M+r/GFzvK4i9bf6j10kDgv9PRxPs+pH9zuU85cwhT+jZzr2dkvTC9p+mI+5CJ  
AZ7ZMgTLbXDw2M4d4e6mEV3XbJ5ebNqQv9t0Hfbg3pf8YVEeAO0casIPopLK6fqi  
uS7gn/3PL9C1HS2gqlekYuwiP0DSleKk9qCDUVVfmAAxTA1vHKvtvlRBO0ykN7HI  
NmX+8AuFy8jnZRmZWXIbav1/EdWYg7e5SLCD+pemYLcMYSoSNXg=  
=YxVI  
-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-10

Apple Security Advisory 09-16-2024-9 - macOS Sonoma 14.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-09-16-2024-9 macOS Sonoma 14.7

macOS Sonoma 14.7 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121247.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Accounts  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: The issue was addressed with improved permissions logic.  
CVE-2024-44153: Mickey Jin (@patch1t)

App Intents  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive data logged when a  
shortcut fails to launch another app  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44182: Kirin (@Pwnrin)

AppleGraphicsControl  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted video file may lead to  
unexpected app termination  
Description: The issue was addressed with improved memory handling.  
CVE-2024-40846: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative  
CVE-2024-40845: Pwn2car working with Trend Micro Zero Day Initiative

AppleGraphicsControl  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: A memory initialization issue was addressed with improved  
memory handling.  
CVE-2024-44154: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with additional code-signing  
restrictions.  
CVE-2024-40847: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed with improved checks.  
CVE-2024-44164: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A library injection issue was addressed with additional  
restrictions.  
CVE-2024-44168: Claudio Bozzato and Francesco Benvenuto of Cisco Talos

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An attacker may be able to read sensitive information  
Description: A downgrade issue was addressed with additional code-  
signing restrictions.  
CVE-2024-40848: Mickey Jin (@patch1t)

AppleVA  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted video file may lead to  
unexpected app termination  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2024-40841: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppSandbox  
Available for: macOS Sonoma  
Impact: An app may be able to access protected files within an App  
Sandbox container  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44135: Mickey Jin (@patch1t)

Automator  
Available for: macOS Sonoma  
Impact: An Automator Quick Action workflow may be able to bypass  
Gatekeeper  
Description: This issue was addressed by adding an additional prompt for  
user consent.  
CVE-2024-44128: Anton Boegler

bless  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44151: Mickey Jin (@patch1t)

Compression  
Available for: macOS Sonoma  
Impact: Unpacking a maliciously crafted archive may allow an attacker to  
write arbitrary files  
Description: A race condition was addressed with improved locking.  
CVE-2024-27876: Snoolie Keffaber (@0xilis)

Dock  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed by removing sensitive data.  
CVE-2024-44177: an anonymous researcher

Game Center  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A file access issue was addressed with improved input  
validation.  
CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2024-27880: Junsung Lee

ImageIO  
Available for: macOS Sonoma  
Impact: Processing an image may lead to a denial-of-service  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero  
Day Initiative, an anonymous researcher

Intel Graphics Driver  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted texture may lead to unexpected  
app termination  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2024-44160: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Intel Graphics Driver  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted texture may lead to unexpected  
app termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44161: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

IOSurfaceAccelerator  
Available for: macOS Sonoma  
Impact: An app may be able to cause unexpected system termination  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44169: Antonio Zekić

Kernel  
Available for: macOS Sonoma  
Impact: Network traffic may leak outside a VPN tunnel  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44165: Andrew Lytvynov

Mail Accounts  
Available for: macOS Sonoma  
Impact: An app may be able to access information about a user's contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

Maps  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-44181: Kirin(@Pwnrin) and LFY(@secsys) from Fudan University

mDNSResponder  
Available for: macOS Sonoma  
Impact: An app may be able to cause a denial-of-service  
Description: A logic error was addressed with improved error handling.  
CVE-2024-44183: Olivier Levon

Notes  
Available for: macOS Sonoma  
Impact: An app may be able to overwrite arbitrary files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44167: ajajfxhj

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44178: Mickey Jin (@patch1t)

Safari  
Available for: macOS Sonoma  
Impact: Visiting a malicious website may lead to user interface spoofing  
Description: This issue was addressed through improved state management.  
CVE-2024-40797: Rifa'i Rejal Maynando

Sandbox  
Available for: macOS Sonoma  
Impact: A malicious application may be able to access private  
information  
Description: The issue was addressed with improved checks.  
CVE-2024-44163: Zhongquan Li (@Guluisacat)

Sandbox  
Available for: macOS Sonoma  
Impact: A malicious application may be able to leak sensitive user  
information  
Description: The issue was addressed with improved checks.  
CVE-2024-44125: Zhongquan Li (@Guluisacat)

Security Initialization  
Available for: macOS Sonoma  
Impact: An app may be able to access protected user data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-40801: Zhongquan Li (@Guluisacat), Pedro José Pereira Vieito  
(@pvieito), an anonymous researcher

Shortcuts  
Available for: macOS Sonoma  
Impact: A shortcut may output sensitive user data without consent  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44158: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Sonoma  
Impact: An app may be able to observe data displayed to the user by  
Shortcuts  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSea

sudo  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A logic issue was addressed with improved checks.  
CVE-2024-40860: Arsenii Kostromin (0x3c3e)

System Settings  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44166: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

System Settings  
Available for: macOS Sonoma  
Impact: An app may be able to read arbitrary files  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2024-44190: Rodolphe BRUNETTI (@eisw0lf)

Transparency  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

Airport  
We would like to acknowledge David Dudok de Wit for their assistance.

macOS Sonoma 14.7 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmboywEACgkQX+5d1TXa  
IvrDjxAA2tgRLOOTvFpZrVW/HEBxwCFUn7UkzXyfgUTuqntjSvmsc/pyVmPDpnOM  
UnLhZ4d3B6v44MSelhxSbomtGkggQfYAvcNmlPDk+yMMS0K5yRBJ3dobEt4e53Wj  
9DQl2cQfHxop3uaLRFRTRy5Wk46xIZcsPS3Obb0kLAZpnzD1K2UQ5tIgEVF2ETqi  
SaRlrjqsgiauG/qZ8pzJjQSB1/iNBJCf4TBMBmHHJ91zAVOiYxvVcIAcBl1cBK4m  
UU6Z0vF1NmNCTAu/8KPP0Y6AD5tM7ZrkotU1yTP8uey4r3Ec8XrZqzhTH05sMI5V  
Xt98UeRNl2EJQAJR2Wjfsa2u255SvJ9VJpOGpTff9npsP5c6a7fup2mcKSVmCJHG  
FxFoU9WC2Lx2fsb7kBZXx5y4+/lwKBh8gQBkqOB4vttUZIYwp/rwXJtBvwkSb3E+  
2MTYly0SAAAbwrGoImKsskbiOxB+Ebry2cZ4Rg8rKKwQIfpjpgCb2U97Ue1zCU/S  
lHCObpyD0HtDD13zYw3NXfbrcWS195WhLdgtVl9XJz90pQQwdcINzubGhILmabpl  
Q+QXoSuKNi0ooy9qO8yEmQdzF0swD/FZMqTmF6FFtFby4NpY6ooapHHyhJOGeqSn  
/Poj2T/Ay/xaX7VL2fUPU9n0KTNtp+HgvgpzMX31HpBNXo/96Eo=  
=YUrh  
-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-9

Apple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 addresses bypass, out of bounds access, and out of bounds read vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7iOS 17.7 and iPadOS 17.7 addresses the following issues.Information about the security content is also available athttps://support.apple.com/121246.Apple maintains a Security Releases page athttps://support.apple.com/100100 which lists recentsoftware updates with security advisories.AccessibilityAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker with physical access to a locked device may be ableto Control Nearby Devices via accessibility featuresDescription: This issue was addressed through improved state management.CVE-2024-44171: Jake DerouinCompressionAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Unpacking a maliciously crafted archive may allow an attacker towrite arbitrary filesDescription: A race condition was addressed with improved locking.CVE-2024-27876: Snoolie Keffaber (@0xilis)Game CenterAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to access user-sensitive dataDescription: A file access issue was addressed with improved inputvalidation.CVE-2024-40850: Denis Tokarev (@illusionofcha0s)ImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted file may lead to unexpected appterminationDescription: An out-of-bounds read issue was addressed with improvedinput validation.CVE-2024-27880: Junsung LeeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing an image may lead to a denial-of-serviceDescription: An out-of-bounds access issue was addressed with improvedbounds checking.CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro ZeroDay Initiative, an anonymous researcherIOSurfaceAcceleratorAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to cause unexpected system terminationDescription: The issue was addressed with improved memory handling.CVE-2024-44169: Antonio ZekićKernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Network traffic may leak outside a VPN tunnelDescription: A logic issue was addressed with improved checks.CVE-2024-44165: Andrew LytvynovKernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may gain unauthorized access to BluetoothDescription: This issue was addressed through improved state management.CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven(@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy VanhoefMail AccountsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to access information about a user's contactsDescription: A privacy issue was addressed with improved private dataredaction for log entries.CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)mDNSResponderAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to cause a denial-of-serviceDescription: A logic error was addressed with improved error handling.CVE-2024-44183: Olivier LevonSafari Private BrowsingAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Private Browsing tabs may be accessed without authenticationDescription: This issue was addressed through improved state management.CVE-2024-44127: Anamika AdhikariShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: A shortcut may output sensitive user data without consentDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2024-44158: Kirin (@Pwnrin)ShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to observe data displayed to the user byShortcutsDescription: A privacy issue was addressed with improved handling oftemporary files.CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSeaSync ServicesAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: This issue was addressed with improved checks.CVE-2024-44164: Mickey Jin (@patch1t)TransparencyAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to access user-sensitive dataDescription: A permissions issue was addressed with additionalrestrictions.CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)UIKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker may be able to cause unexpected app terminationDescription: The issue was addressed with improved bounds checks.CVE-2024-27879: Justin CohenThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/iTunes and Software Update on the device will automatically checkApple's update server on its weekly schedule. When an update isdetected, it is downloaded and the option to be installed ispresented to the user when the iOS device is docked. We recommendapplying the update immediately if possible. SelectingDon't Install will present the option the next time you connectyour iOS device.The automatic update process may take up to a week depending onthe day that iTunes or the device checks for updates. You maymanually obtain the update via the Check for Updates buttonwithin iTunes, or the Software Update on your device.To check that the iPhone, iPod touch, or iPad has been updated:* Navigate to Settings* Select General* Select About. The version after applying this update will be"iOS 17.7 and iPadOS 17.7".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/100100.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmbo1AEACgkQX+5d1TXaIvr0LBAAn28J4FgN4GG7wRGwiXT2GIy0vuGDc8bbNiezEqpkSL1XtjFl0e4ChhtB7VWnEhCd2yq/6iy7yak3EiKuYngQZ79O3dBERviNFgM5pK8hxX46WR3K/M69U9iOszkmaOOE81mTiAKCjy4MP8qMsvHY79ZA0r9Bl2aJCQJMAscs4mQ+Gfy2OAWDHKrGd1iapLxp2jQRVDlguKL8slJDIql3LD2anZ/4qob9cnE9b2z0g0r8Iv/vjlZXdOseGx7TqQ/kWlg6rBHf9KhSjr+ipFfvFYJ9O+QCAcwgtilPkRmD4q3MiCZqG234qhmB4ZVrW3NrJQVR4ACF8e+tnB79pcXeVMvhytpUdY+fAxffihkbLzIydI5EriuAvtpitmI3hwqLwJBwHOSDroCOs6kIkDL4RXVCSkIuwiRfa/hWxVJE9lYQxUCH7vR4KomrwnuB7hhN3oqeRgXqtB1HcJ8Elu3KnA8rebF1X1TcMqTc5LbqZwCPDOAU07HfTVBaxWlLh0NfmXq2JIE+yozNTOySEvggfYiXL5JopRXocF0YWne63OoA0vhvljQhEClQRQifB4daPnmyxxJOWFhqY8dMcnrfb0xXB5OyxZFG1AiGLjg5qaSQYMAZoJvImuTVwFSKuKBHs7ahXn7EVojoe7m9WEiRqCXiORHmT6BF3vmWidni5Xs==J1rf-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-8

Apple has released iOS 18. We discuss the new privacy and security related features like the very handy Passwords app.

On September 16, 2024, Apple released iOS 18. Besides a lot of exciting new features, iOS 18 comes with some privacy and security enhancements.

One of the most promising new features is the new Passwords app. Built on the foundation of Apple’s password management system Keychain, Passwords makes it easier for users to access stored passwords and get an overview of their credentials.

Passwords App

One thing we often hear when we recommend the use of a password manager is that it’s too complicated. And, admittedly, many of them come with a learning curve. But Apple has made some steps in the right direction here.

Apple will also warn users if their credentials have been caught up in a data breach, so users can change their compromised password. In addition, users who have a weak password, or one that’s been used before, will be warned to pick a better one. Current users of the AutoFill function should notice how their passwords have automatically been added to the Passwords app.

iOS 18 also provides users with new tools to manage who can see their apps, how their contacts are shared, and how their iPhone connects to accessories. One of those tools allows users to adjust settings so that app notifications and content can’t inadvertently be seen by others. Another new feature is the ability to hide an app, which basically moves it to a locked, hidden apps folder that only the main user has access to. The basic functional apps can’t be hidden, but generally speaking if it’s on the App Store it can be hidden.

Hidden apps can be locked and unlocked with Face ID, Touch ID, or the device passcode, although there are a few exceptions. Account holders under age 13 can’t lock or hide an app so they can’t use it to dodge a parent’s watchful eye. Users between the ages of 13 and 18 can use these functions, but parents can still see what apps were downloaded and how much they are used.

Contact sharing is a lot more configurable, which makes life easier for those of us who use their device for work and private matters. Say, for example, a person uses an app solely for work, he might decide to share only work-related contacts with that app. Access can be updated as desired. Apple users can now see at a glance how many apps have access to data like location services, tracking, calendars, files and folders, contacts, and health information. When they tap on a particular category, users see a list of which apps have what level of access, such as limited or full.

Location services access overview

iOS 18 also prepares your device for Apple Intelligence which is expected next month.  

> “Apple Intelligence, the personal intelligence system that combines the power of generative models with personal context to deliver intelligence that is incredibly useful and relevant while protecting users’ privacy and security.”

Apple Intelligence is an artificial intelligence (AI) platform developed by Apple. Its features include on-device processing so it’s aware of your personal data, but doesn’t require Apple to collect or store it, and a new complex system designed to draw on larger server-based models to handle more complex requests, while still protecting user privacy.

I realize this sounds a lot like Microsoft’s Recall feature which was delayed after privacy and security concerns. We haven’t seen any pushback of that magnitude for Apple Intelligence. The main difference here are the regular “screenshots” that Microsoft wanted to deploy to help users later.

The privacy protections Apple promises can be important to users who want to have access to AI but are concerned about having their private data used to train models, which is something even AI enthusiasts are worried about to some extent.

To take those worries away, Apple created Private Cloud Compute (PCC), a cloud intelligence system designed specifically for private AI processing, which Apple says extends the privacy and security of Apple devices into the cloud.

A handy change for some users might be the new guest access for the Home app, which makes it easier for other members of your household to use your device to control any accessories connected to the Home app.

One safety feature I’m not that thrilled about is the Activation Lock. The Activation Lock feature is intended to block unauthorized repairs with parts from other iPhones and deter the resale of stolen components. It will link key parts like batteries, cameras, and displays to the original owner’s Apple account, making it harder to use or sell stolen parts. I fear this will only make it harder for users to go outside the channels under Apple’s control to get their devices repaired.

More new features of iOS 18 are discussed at length in this Apple newsroom article.

To check if you’re using the latest software version, go to **Settings** > **General** > **Software Update**. You want to be on iOS 18.0 or iPadOS 18.0, so update now if you’re not. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

Available update

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 iOS 18 is out. Here are the new privacy and security features 

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator.
"The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator.

"The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and civil liberties of our citizens," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith.

"We will continue to hold accountable those that seek to enable the proliferation of exploitative technologies, while also encouraging the responsible development of technologies that align with international standards."

The sanctioned individuals and entities are listed below -

*   Felix Bitzios, the beneficial owner of an Intellexa Consortium company that's believed to have supplied Predator to a foreign government client and the manager of Intellexa S.A.

*   Andrea Nicola Constantino Hermes Gambazzi, the beneficial owner of Thalestris Limited and Intellexa Limited, which are both members of the Intellexa Consortium

*   Merom Harpaz, a top executive of the Intellexa Consortium and the manager of Intellexa S.A.

*   Panagiota Karaoli, director of multiple Intellexa Consortium entities that are controlled by or are a subsidiary of Thalestris Limited

*   Artemis Artemiou, an employee of Intellexa S.A., as well as the general manager and member of the board of Cytrox Holdings, another member of the Intellexa Consortium

*   Aliada GroupInc., a British Virgin Islands-based company and member of the Intellexa Consortium has facilitated tens of millions of dollars of transactions

Thalestris Limited has been involved in processing transactions on behalf of other entities within the Intellexa Consortium, the Treasury said, adding that Aliada Group is directed by Tal Jonathan Dilian, the founder of the Intellexa Consortium.

The department described the consortium as a "complex international web of decentralized companies that built and commercialized a comprehensive suite of highly invasive spyware products."

The development comes a little over six months after the Treasury sanctioned Dilian, Sara Aleksandra Fayssal Hamou, and five other entities, including Intellexa S.A., on similar grounds.

It also follows a resurgence of Predator spyware activity after a period of relative silence by likely customers in Angola, the Democratic Republic of the Congo (DRC), and Saudi Arabia using new infrastructure that's designed to evade detection.

"The latest evolution of Predator infrastructure includes an additional tier in its delivery infrastructure to improve customer anonymization and enhanced operational security in its server configurations and associated domains," Recorded Future said.

"Although Predator spyware operators have changed significant aspects of their infrastructure setup, including changes that make country-specific attribution more challenging, they have largely retained their mode of operation."

It also follows Apple's decision to file a motion to dismiss its lawsuit against NSO Group for reasons that court disclosures could endanger its efforts to combat spyware, that there are steps being taken to avoid sharing information related to the Pegasus spyware, and that the impact could be diluted as a result of an expanding spyware market with new emerging players.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.
Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.

Clipper malware, also called **ClipBankers**, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including replacing cryptocurrency addresses with those under an attacker's control.

In doing so, digital asset transfers initiated on a compromised system are routed to a rogue wallet instead of the intended destination address.

"In clipping and switching, a cryware monitors the contents of a user's clipboard and uses string search patterns to look for and identify a string resembling a hot wallet address," the tech giant noted way back in 2022. "If the target user pastes or uses CTRL + V into an application window, the cryware replaces the object in the clipboard with the attacker's address."

Binance, in an advisory issued on September 13, 2024, said it has been tracking a widespread malware threat that intercepts data stored in the clipboard with an aim to swap out cryptocurrency wallet addresses.

"The issue has seen a notable spike in activity, particularly on August 27, 2024, leading to significant financial losses for affected users," the exchange said. "The malware is often distributed through unofficial apps and plugins, especially on Android and web apps, but iOS users should also remain vigilant."

There is evidence to suggest that these malicious apps are inadvertently installed by users when searching for software in their native languages or through unofficial channels, primarily due to restrictions in their countries.

The company also said it's taking steps to blocklist the attacker addresses to prevent further fraudulent transactions, and that it has notified affected users, advising them to check for signs of suspicious software or plugins.

Besides urging users to refrain from downloading software from unofficial sources, Binance is calling for exercising caution when it comes to installing apps and plugins and ensuring they are authentic.

Blockchain analytics firm Chainalysis revealed last month that aggregate illicit activity on-chain has dropped by nearly 20% year-to-date, although stolen funds inflows nearly doubled from $857 million to $1.58 billion.

"Scammers for the most part continue to pivot away from broad-based ponzi schemes to more targeted campaigns like pig butchering, work from home scams, drainers, or address poisoning," it said, adding it observed a "rise in the use of Chinese language marketplaces and laundering networks."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

Apple is launching its first stand-alone password manager app in iOS 18. Here’s what you need to know.

Apple’s latest iPhone software update, iOS 18, arrives today and includes a new app: Passwords. For the first time, Apple is taking your phone’s ability to save login details and putting them in a standalone app. It could help improve millions of people’s terrible passwords.

After years of being told you should create unique, strong passwords for every website and app you use, you probably fall into one of two camps: people that are fully signed up to the password manager life, or those still using “123456” for every other website.

Apple’s new encrypted Passwords app is automatically included with iOS 18, and is a public-facing evolution of its Keychain and password-saving capabilities. The Keychain, which has existed for more than a decade, no longer has as prominent a home in the iPhone’s settings, and details previously saved there are being moved to the new app.

The launch of the password manager app, which will also be available on macOS Sequoia and iPadOS 18, may help improve people’s relationships with their passwords but also could, to varying degrees, challenge existing password managers.

“This move makes the app more visible to lay users and informs them about this secure method to store and manage passwords,” says Talal Haj Bakry and Tommy Mysk from security company Mysk. “You have a default password manager preinstalled on your device \[that\] provides end-to-end encryption when syncing data across devices.”

**New Passwords**

The Passwords app has a pretty barebones design. Six different tiles are presented when you open the app on an iPhone: All, Passkeys, Codes, Wi-Fi, Security, and Deleted. These are essentially the main functions of the app, allowing you to save each type of data within their relevant sections. The security section includes check-ups allowing weak and exposed passwords to be identified.

“This will definitely boost the adoption of this preinstalled app and bolster user security,” Bakry and Mysk say. They add that it presents the saved data “in a more organized way than the Settings app.”

Apple says the Passwords app uses end-to-end encryption to save your details, meaning nobody, not even Apple, knows what you have saved. Within the app, you can search for login details to your entries and set up groups to share passwords with other people.

Your saved login details are synced across Apple devices using iCloud, meaning the encrypted data is shared with Apple’s cloud servers and available on all of your Apple devices. Within Apple’s settings, you can turn off syncing passwords on a specific device. The app is locked using Face ID.

When using the Passwords app, any details you have previously saved in Keychain or AutoFill will be moved to the new location. This includes if you have used the Sign in with Apple login system on any websites or apps. It is unclear why Apple has decided to spin its Keychain system into a fully fledged password manager now, although the company has been building out the individual features over a number of years. (Apple has not responded to WIRED’s request for comment at the time of writing.)

For many people, having a standalone password manager app from Apple could encourage better password practices. Siamak Shahandashti, a senior lecturer in the University of York’s cybersecurity and privacy research group, says the move from Apple may be a usability decision. Making Passwords visible could encourage people to take their passwords seriously.

“We need to design authentication systems for human beings,” Shahandashti says. “We cannot expect users to maintain a hundred accounts, for each of them \[to\] use a strong password. It’s actually the fault of the designers because these systems have not been designed for users considering the capability of an average human being.”

**Death of the Password**

Passwords are slowly dying. Enter the passkey. For the past couple of years, websites, apps, and phone manufacturers have been in the process of rolling out passkeys—a technology that replaces passwords, is more secure, and doesn’t require you to remember any complex login details. (Although passkeys still have some teething problems.)

Leona Lassak, a research assistant at Ruhr-University Bochum who has studied passkey adoption, says greater “visibility” of the Passwords app can help get the sign-in technology to a broader audience, one which might not use a password manager otherwise. Apple’s Passwords app could help with the perception and transition to passkeys, Lassak says. “There has been discussion about the need for passkey managers, because once we actually use them on websites, there's probably going to be multiple for each website,” she says.

The app is also, at least subtly, encouraging the adoption of passkeys. Within Passwords’ settings, accessed through Apple’s System preferences, there’s the option to turn on “automatic” passkey upgrades, which will allow existing accounts to use passkeys when they are available.

**Lock In**

Password managers have existed for years and there are plenty of options you can use, from open source apps to browser-based management systems. Each comes with their own particular set of pros and cons.

Apple wading into the password management market by including a new app on millions of iPhones, Macs, and iPads could also impact the wider ecosystem. “There’s no question that Apple’s Passwords app would ‘sherlock’ third-party password managers—or make them less attractive,” say Bakry and Mysk, highlighting that people need to use iCloud to sync passwords in Apple’s system, and that those who are privacy conscious may not want this to happen automatically.

There’s also the risk of locking people into Apple’s password manager—at launch, there appear to be no options to export the saved data and use it in a commercial alternative. One competitor password manager has stressed that their software works on products “beyond” the “Apple ecosystem.” (People using Apple’s password management software on Windows devices can access saved details through iCloud for Windows.)

Ultimately, what password manager you use should reflect what type of software you want to support and the individual threats you may face. For many, Apple’s new app is probably better than not using a password manager at all.

Apple’s New Passwords App May Solve Your Login Nightmares

While the 2024 election may see various cyber threats, existing security measures and coordination across all levels of government aim to minimize their impact.

Mike Kosak, Senior Principal Intelligence Analyst, LastPass

September 16, 2024

4 Min Read

Source: Saphiens via Alamy Stock Photo

COMMENTARY

As the 2024 US presidential election approaches, cybersecurity is a frequent topic of conversation. From my time in the intelligence community supporting the Department of Defense, I'm familiar with government planning around elections. While the most discussed threats for 2024 are nation-state misinformation and disinformation, this election season, I'm also following cybersecurity threats to municipal election systems. 

The good news is the threat of an actual impactful disruption is low. As the US has funneled significant resources into securing elections over the past decade, US Cybersecurity and Infrastructure Security Agency (CISA) lead Jen Easterly said election infrastructure "has never been more secure." However, that doesn't mean threat actors aren't likely to attempt some sort of attacks, such as website defacements or distributed denial of service (DDoS) attacks against municipal election websites.

Here are the four threats against local election systems we will most likely hear about in 2024:

**Voting Machine Hacking**

The most high-profile threat to US elections is voting machine hacking. However, voting machines are rarely connected directly to the Internet, which aligns with current cybersecurity guidelines. This means the most realistic threat vector would require physical access to the machines, according to F5 Labs, a concern addressed through anti-tampering and physical security guidelines around the country. While cyber vulnerabilities within voting machines exist — as demonstrated annually at the DEFCON Voting Village hacking event — to date, there have been no reports of cyberattacks taking voting machines offline or changing votes, despite the clear value of such a capability to US adversaries.

**DDoS Attacks**

DDoS attacks are a less disruptive but more frequent threat to US elections. Election monitoring and information websites leveraging Google's Project Shield DDoS protection services experienced a 400% increase in weekly attacks during the 2022 midterms. While several companies like Cloudflare offer free DDoS protection services to election-related websites, some sites are still going down. Mississippi's election websites were briefly taken offline in 2022 by a DDoS attack claimed by a pro-Russia hacking group. However, the attack did not impact voting results or availability.

Given the increased profile of the presidential election, we can expect to see DDoS on a larger scale in 2024. However, as CISA and the FBI stated in a July 31 alert, these attacks would not prevent voters from casting their ballots.

**Ransomware**

The FBI and CISA released a similar alert on Aug. 15 related to ransomware disruptions, reassuring the public that any attack along these lines would not compromise the security or accuracy of voting. Ransomware groups will likely target municipalities — already a common target — in the run-up to the elections. 

For instance, a ransomware attack in April forced a Georgia county to temporarily disconnect from the state's voter registration system as a precautionary measure — highlighting disruptions that could occur around access to voter data or other election information. However, the FBI and CISA noted, "Any successful ransomware attack on election infrastructure tracked by FBI and CISA has remained localized and successfully managed with minimal disruption to election operations and no impact on the security and accuracy of ballot casting or tabulation processes or systems." Similar to DDoS attacks, no reporting suggests ransomware attacks have ever prevented a vote from being cast.

**Website Defacement and Email Access**

Website defacements are another common threat, where attackers take over election-related sites to alter data or images. These attacks can either aim to embarrass the site owner or subtly manipulate information, such as polling results or polling station hours.

In 2020, a threat actor briefly took over the campaign website for then President Trump, posting a derogatory message and seeking payment in return for not releasing data they claimed to have stolen. While these attacks may occur and could cause local disruptions, they would not impact the ability to vote or tally votes.

Hybrid cyber-physical threats, such as the increasing use of emails or spoofed phone numbers to deliver fake bomb threats or conduct swatting attacks, also present a concern, where false scenarios are reported to provoke a large police response. In 2018, a months-long campaign targeting US schools and businesses caused evacuations, police responses, and major disruptions. Similar attacks on election day could target polling stations, election offices, or ballot-counting sites.

Finally, threat actors (particularly nation-states) will continue to target email accounts of political operatives and organizations. The US intelligence community has already attributed social engineering attacks targeting both major US political parties to Iran. These attacks aimed to access sensitive or embarrassing information to influence the US election, highlighting the frequency of politically motivated social engineering attacks and the importance of secure, unique passwords and multifactor authentication. 

**Safeguarding the Vote**

While cyberattacks will undoubtedly target US election infrastructure over the next few months, it's important to place these events in the context of the protections put in place. Federal, state, local, and tribal governments, as well as international allies, have all been tracking these threats and implementing mitigations and contingencies to help ensure a secure and smooth election. 

While the 2024 election may see various cyber threats, existing security measures and coordination across all levels of government aim to minimize their impact. Voters should stay informed and rely on official sources to ensure their participation is not disrupted.

**About the Author**

Senior Principal Intelligence Analyst, LastPass

Mike Kosak is a former US Department of Defense (DoD) counterterrorism intelligence officer with more than 20 years of experience as a threat intelligence analyst. While with the DoD, he served in several senior intelligence officer roles, including leading the Pentagon office responsible for providing intelligence updates to the chairman of the Joint Chiefs of Staff, and was deployed to Iraq three times in support of Operation Iraqi Freedom. He also served as the acting senior command representative to the Joint Special Operations Command for the Defense Intelligence Agency. During his deployments, he led intelligence teams in support of both conventional and special forces. Following his government service, Kosak held private sector cyber intelligence positions at Bank of America, where he led the Strategic Cyber Intelligence and Threat Evaluation teams, and TIAA, where he led the Cyber Threat Intelligence team. He currently serves as the senior principal intelligence analyst at LastPass.

Cybersecurity &amp; the 2024 US Elections

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

**IFSC Code Finder Portal 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4c8714f261d6bcdc7f5ee89b4f1473342ced816a03f174b9a8bc607a329616e0

Download | Favorite | View

**IFSC Code Finder Portal 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : IFSC Code Finder Portal v1.0 Insecure Settings Vulnerability                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/ifsc-code-finder-project-using-php/                                                                  |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = Test@123[+] http://127.0.0.1/ifscfinder/admin/login.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

Tag

#ios