Graphite spyware used in Apple iOS zero-click attacks on journalists

Forensic investigation has confirmed the use of Paragon’s Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. Researchers at Citizen Lab say that the victims were a prominent European journalists who requested anonimity and Ciro Pellegrino, a journalist at Italian publication Fanpage.it. “Our analysis finds forensic evidence […]

Apple ‘AirBorne’ flaws can lead to zero-click AirPlay RCE attacks

​A set of security vulnerabilities in Apple’s AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution. According to cybersecurity company Oligo Security security researchers who discovered and reported the flaws, they can be exploited in zero-click and one-click RCE attacks, man-in-the-middle (MITM) attacks, […]

Apple fixes two zero-days exploited in targeted iPhone attacks

Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an “extremely sophisticated attack” against specific targets’ iPhones. The two vulnerabilities are in CoreAudio (CVE-2025-31200) and RPAC (CVE-2025-31201), with both bugs impacting iOS, macOS, tvOS, iPadOS, and visionOS. “Apple is aware of a report that this issue may have been exploited in […]

Apple fined €150 million over App Tracking Transparency issues

Autorité de la concurrence, France’s antitrust watchdog, has fined Apple €150 million ($162 million) for using the App Tracking Transparency privacy framework to abuse its dominant market position in mobile app advertising on its devices. App Tracking Transparency (ATT) requires apps to request users’ permission to collect their data for targeted advertising purposes before tracking […]

Apple pulls iCloud end-to-end encryption feature in the UK

Apple will no longer offer iCloud end-to-end encryption in the United Kingdom after the government requested a backdoor to access Apple customers’ encrypted cloud data. As Apple told BleepingComputer on Friday, the optional Advanced Data Protection (ADP) feature introduced in December 2022 will no longer be available for new users in the U.K. starting today. This decision follows a secret […]

New Apple CPU side-channel attacks steal data from browsers

A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. The Georgia Institute of Technology and Ruhr University Bochum researchers, who presented another attack dubbed ‘iLeakage‘ in October 2023,  presented their new findings in two separate papers, namely FLOP and SLAP, which show distinct flaws […]

Apple fixes this year’s first actively exploited zero-day bug

​Apple has released security updates to fix this year’s first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users. The zero-day fixed today is tracked as CVE-2025-24085 [iOS/iPadOS, macOS, tvOS, watchOS, visionOS] and is a privilege escalation security flaw in Apple’s Core Media framework. “A malicious application may be able to elevate privileges. […]

Microsoft: macOS bug lets hackers install malicious kernel drivers

Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. System Integrity Protection (SIP), or ‘rootless,’ is a macOS security feature that prevents malicious software from altering specific folders and files by limiting the root user account’s powers in protected […]