Apple Sets Trap to Catch iMessage Impersonators

Apple's latest iOS and macOS platform refresh came with a lot more than urgent security patches.
The company activated a new feature called iMessage Contact Key Verification in another attempt to block impersonators and sophisticated threat actors abusing its iMessage server infrastructure.
With the activation, fully patched iPhones and macOS-powered devices adds an ON/OFF toggle for users to verify they're messaging only with the people that they intend and receive alerts if there's a hiccup in the verification process.
Apple first announced the feature in October and is positioning it as another roadblock to raise the cost for advanced threat actors and mercenary hacking companies that target its iMessage service.
In the past, surveillance spyware vendors like NSO Group have been caught using iMessage zero-days and zero-click exploits against high-profile targets around the world.
Apple previously rolled out 'Lockdown Mode' to remove attack surfaces and block state-sponsored malware exploits on its platform for the company continues to struggle to contain a surge in in-the-wild zero-days.
The company has published guidance on turning on the new feature to help users to automatically they're messaging with the intended person.
Devices must be running iOS 17.2, macOS 14.2 or watchOS 9.2 on all devices signed in to iMessage.
IPhone and macOS users can manually verify contacts by comparing verification codes.
The new feature comes alongside patches for multiple serious vulnerabilities that expose iOS and macOS users to malicious hacker attacks.
The newest iOS 17.2 and iPadOS 17.2 contains fixes for at least 11 documented security defects, some serious enough to lead to arbitrary code execution or app sandbox escapes.
According to an advisory from Cupertino's security response team, the most serious issue is a memory corruption in ImageIO that may lead to arbitrary code execution when certain images are processed.
The iOS 17.2 rollout also addresses a code execution flaw in the WebKit rendering engine and a memory safety issue that allows apps to break out of the device sandbox.
Separately, Apple rolled out iOS 16.7.3 and iPadOS 16.7.3 to provide a batch of security fixes to devices running older versions of the operating system.
Those updates also include fixes for previously documented WebKit zero-days caught via in-the-wild exploitation.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 12 Dec 2023 17:43:04 +0000


Cyber News related to Apple Sets Trap to Catch iMessage Impersonators

Apple Sets Trap to Catch iMessage Impersonators - Apple's latest iOS and macOS platform refresh came with a lot more than urgent security patches. The company activated a new feature called iMessage Contact Key Verification in another attempt to block impersonators and sophisticated threat actors ...
1 year ago Securityweek.com
Apple Sets Trap to Catch iMessage Impersonators - Apple's latest iOS and macOS platform refresh came with a lot more than urgent security patches. The company activated a new feature called iMessage Contact Key Verification in another attempt to block impersonators and sophisticated threat actors ...
1 year ago Packetstormsecurity.com
CVE-2021-24752 - Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top ...
2 years ago
Apple Smashes Ban Hammer on Beeper iMessage Users - Apple has taken to banning Beeper's Android users from iMessage entirely. Tim's crew still claims Beeper is a threat to user security, but nobody's buying that excuse. Cofounder Eric Migicovsky has all but given up Beeper's game of Whac-A-Mole. In ...
11 months ago Securityboulevard.com
Without Interoperability, Apple Customers Will Never Be Secure - Every internet user should have the ability to privately communicate with the people that matter to them, in a secure fashion, using the tools and protocols of their choosing. Apple's iMessage offers end-to-end encrypted messaging for its customers, ...
1 year ago Eff.org
CVE-2021-46928 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2021-47350 - In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix lockup on kernel exec fault The powerpc kernel is not prepared to handle exec faults from kernel. Especially, the function is_exec_fault() will return 'false' when an ...
7 months ago Tenable.com
Apple To Drop Sensor From Some Watch Models - Redesign plan to remove blood-oxygen sensor on certain Apple Watch models is dependent on an appeal court decision. Apple is reportedly prepared to remove the blood-oxygen sensor from certain Apple Watch models, depending on a court decision. The ...
11 months ago Silicon.co.uk
Big Tech to EU: "Drop Dead" - There's just one wrinkle: the Big Tech companies don't want that future, and they're trying their damndest to strangle it in its cradle. Right from the start, it was obvious that the tech giants were going to war against the DMA, and the freedom it ...
7 months ago Eff.org
Apple Move iPad Engineering To Vietnam - Fresh reports of Apple shifting manufacturing from China, with iPad product development resources relocated to Vietnam. Apple continues to strengthen its manufacturing and development capabilities outside of mainland China, according to recent media ...
1 year ago Silicon.co.uk
Apple's Push Notification Data Used to Investigate Capitol Rioters; Apple Sets Higher Legal bar - When it initially came to light that governments globally demanded push notification data from Apple and Google, suspicion mounted that the US government was doing the same. This has now been confirmed, with one use of it being the monitoring the ...
1 year ago Cysecurity.news
iPhone 0-click spyware campaign 'Triangulation' detailed - Months after blowing the whistle on a sophisticated campaign that dropped full-featured spyware onto iPhones, researchers have disclosed more about the attack's complex exploit chain that abused four separate vulnerabilities. Among the finding are ...
11 months ago Packetstormsecurity.com
Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced ...
1 year ago Bleepingcomputer.com
CVE-2021-47428 - In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_COMMON_BODY macro for the normal path after it had ...
7 months ago Tenable.com
iPhone Triangulation attack abused undocumented hardware feature - The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections. This finding comes from Kaspersky analysts who have been reverse-engineering ...
11 months ago Bleepingcomputer.com
CVE-2022-23812 - This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, ...
1 year ago
What Do Apple's EU App Store Changes Mean for App Developers? - In order to comply with the European Union's Digital Markets Act, Apple announced on Jan. 25 changes to its payment system for app sellers in the EU, and that it was letting go of the hold its App Store has over iOS app distribution in the EU. As ...
10 months ago Techrepublic.com
'Operation Triangulation' Spyware Attackers Bypass iPhone Memory Protections - The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures. A previously undocumented hardware feature within Apple's iPhone System on a Chip allows for exploitation of ...
11 months ago Darkreading.com
Apple Security Update Fixes Zero-Day Webkit Exploits - Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google's Threat Analysis Group discovered these security bugs. Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS and macOS; users are advised to update to ...
1 year ago Techrepublic.com
Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection - Apple today launched a new tool for iPhones to help reduce what a thief with your phone and passcode can access. The feature, called Stolen Device Protection, adds extra layers of protection to your iPhone when someone tries to access or change ...
10 months ago Wired.com
Apple's AI Moves Will Impact Future Chip, Cloud Security Plans - The measures Apple has implemented to prevent customer data theft and misuse by artificial intelligence will have a marked impact on hardware security, especially as AI becomes more prevalent on customer devices, analysts say. Apple emphasized ...
5 months ago Darkreading.com
0-click iMessage Attacks to Hack iPhones - Hackers exploit Zero-Days because these vulnerabilities are unknown to software developers, making them valuable for launching attacks before developing patches. Here below, we have mentioned all the four zero-days that were discovered:-. Attackers ...
11 months ago Gbhackers.com
Apple researchers achieve breakthroughs in multimodal AI as company ramps up investments - Join leaders in Boston on March 27 for an exclusive night of networking, insights, and conversation. Apple researchers have developed new methods for training large language models on both text and images, enabling more powerful and flexible AI ...
9 months ago Venturebeat.com
Apple alert: India opposition says government tried to hack phones - Some Indian opposition leaders have accused the government of trying to hack into their phones after receiving warning messages from Apple. Apple's alert said it believed the recipient was "Being targeted by state-sponsored attackers". He added that ...
1 year ago Bbc.com
Apple To Overhaul 'Confusing' iPad Family - New versions of iPad Pro and iPad Air reportedly on the way, as Apple seeks to make iPad portfolio less confusing. Apple is reportedly planning a major overhaul of its iPad portfolio, as the tablet family has been described as confusing due to the ...
1 year ago Silicon.co.uk

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)