
Apple Readies High-End MacBook Pro With Touch, Hole-Punch Screen

By: msmash
16 October 2025 at 16:10
Speaking of the new MacBook Pro, which Apple launched on Wednesday, Bloomberg News reports that the company is preparing to launch a touch-screen version of its Mac computer, reversing course on a stance that dates back to co-founder Steve Jobs. From the report: The company is readying a revamped MacBook Pro with a touch display for late 2026 or early 2027 [non-paywalled link], according to people with knowledge of the matter. The new machines, code-named K114 and K116, will also have thinner and lighter frames and run the M6 line of chips. In making the move, Apple is following the rest of the computing industry, which embraced touch-screen laptops more than a decade ago. The company has taken years to formulate its approach to the market, aiming to improve on current designs. Bloomberg News first reported in January 2023 that Apple was working on a touch-screen MacBook Pro. The new laptops will feature displays with OLED technology, the same standard used in iPhones and iPad Pros, said the people, who asked not to be identified because the products haven't been announced. It will mark the first time that this higher-end, thinner system is used in a Mac.

Read more of this story at Slashdot.

Upgrading to macOS Tahoe 26

13 October 2025 at 03:42
APPLE By Will Fastie Now that Apple’s “OS 26” versions are out, I decided to examine Apple’s macOS update process on my Mac mini, now named “Orchard.” There was one thing in particular I wanted to check out, which I’ll detail at the end of the article. In general, my purpose was to see how […]

Samsung Confirms Plan To Make Foldable Displays for Major American Company

By: msmash
1 October 2025 at 16:01
An anonymous reader shares a report: Samsung Display president Lee Cheong has confirmed plans to make foldable smartphone displays for a major American company, which is widely believed to be Apple. As reported in Chosun Biz, Cheong last week told journalists in Seoul that the company is accelerating preparations for mass production of OLED displays designed for foldable smartphones to be supplied to a "North American client." He declined to provide further information about the client, but it is widely expected to be Apple.

Read more of this story at Slashdot.

Apple’s .01 updates are out

1 October 2025 at 17:00
Yesterday Apple released several updates for its operating systems: iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, visionOS 26.0.1, watchOS 26.0.2, and tvOS 26.0.1. Most include security updates. Some have complained about battery drain on iOS 26 but I’ve found that right after a […]

Apple’s latest system release

26 September 2025 at 04:00
I was on my local county assessor’s website yesterday and spotted this alert — that something in the latest release from Apple was causing users to have issues. I have seen some various smatterings of issues with iOS 26 but this is the first I’ve seen of a public website indicating major issues. Remember what […]

Apple updates everything!

16 September 2025 at 04:00
Yesterday, Apple released iOS/iPadOS/macOS/watchOS/and tvOS 26. You can stay with iOS 18 or MacOS 15 or upgrade to the 26 version. My recommendation for iPhones is to stick with iOS 18 for now. Whenever there is a major release, you want to watch for any issues or side effects. The latest version of iOS and […]

Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs

16 September 2025 at 14:54

Apple’s latest operating systems for its most popular devices — iPhones, iPads and Macs — include patches for multiple vulnerabilities, but the company didn’t issue any warnings about active exploitation. 

Apple patched 27 defects with the release of iOS 26 and iPadOS 26 and 77 vulnerabilities with the release of macOS 26, including some bugs that affected software across all three devices. Apple’s new operating systems, which are now numbered for the year of their release, were published Monday as the company prepares to ship new iPhones later this week.

Users who don’t want to upgrade to the latest versions, which adopt a translucent design style Apple dubs “liquid glass,” can patch the most serious vulnerabilities by updating to iOS 18.7 and iPadOS 18.7 or macOS 15.7. Most Apple devices released in 2019 or earlier are not supported by the latest operating systems.

None of the vulnerabilities Apple disclosed this week appear to be under active attack, Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, told CyberScoop.

Apple previously issued an emergency software update to customers last month to patch a zero-day vulnerability — CVE-2025-43300 — that was “exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in a series of updates for iOS, iPadOS and macOS.

The company has addressed five actively exploited zero-days this year, including defects previously disclosed in January, February, March and April. Seven Apple vulnerabilities have been added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog this year. 

Unlike many vendors, Apple doesn’t provide details about the severity of vulnerabilities it addresses in software updates. Childs noted it would be helpful if Apple issued some sort of initial severity indicator alongside the vulnerabilities it patches — even if it doesn’t follow the Common Vulnerability Scoring System.

A pair of vulnerabilities patched in macOS — CVE-2025-43298, which affects PackageKit, and CVE-2025-43304, which affects StorageKit — are concerning because exploitation could allow an attacker to gain root privileges, Childs said. 

“On the iOS side, I don’t see anything that makes me sweat immediately but there are a lot of bugs addressed,” he added.

Apple also patched seven defects in Safari 26, 19 vulnerabilities in watchOS 26, 18 bugs in visionOS 26 and five defects in Xcode 26.

More information about the vulnerabilities and latest software versions is available on Apple’s security releases site.

The post Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs appeared first on CyberScoop.

iPhone dysphoria

15 September 2025 at 03:43
APPLE By Will Fastie The usual fall iPhone event was unusual this year. I’m not yet sure what it portends for Apple and its customers, and I’m not alone. I don’t want to get off on the wrong foot. This event was about Apple’s personal devices — iPhones, AirPods, and Watches — not about computers. […]

Testing. I’m always testing.

15 September 2025 at 03:42
PATCH WATCH By Susan Bradley September may be back-to-school for many students, but I’m back to testing Microsoft updates. As usual, my eyes and ears (in fact, all my senses) are glued to the latest patching news, reports, social media posts — all my sources — looking for the tiniest hint of trouble. You know, […]

Apple Sends Fresh Wave of Spyware Notifications to French Users

12 September 2025 at 08:03

Apple this year sent at least four rounds of notifications to French users potentially targeted by commercial spyware.

The post Apple Sends Fresh Wave of Spyware Notifications to French Users appeared first on SecurityWeek.

iPhone 17 Air Drops Physical SIM Slot Globally, Pushing eSIM-Only Future

By: msmash
10 September 2025 at 16:10
Apple's newly launched iPhone Air will ship globally without physical SIM card slots. The move follows the company previously eliminating SIM trays in US models starting in 2022. Global consultancy firm Roland Berger forecasts eSIM connections will reach 75% of smartphone connections by 2030, rising from 10% in 2023. CCS Insight predicts eSIM-capable handsets will increase from 1.3 billion to 3 billion by 2030. Google offers eSIM-only Pixel 10 models in the US.

Read more of this story at Slashdot.

Apple’s new Memory Integrity Enforcement system deals a huge blow to spyware developers

By: Greg Otto
10 September 2025 at 09:38

Apple has unveiled a comprehensive security system called Memory Integrity Enforcement (MIE) that represents a five-year engineering effort to combat sophisticated cyberattacks targeting individual users through memory corruption vulnerabilities.

The technology is built into Apple’s new iPhone 17 and iPhone Air devices, as well as the A19 and A19 Pro chips. It combines custom-designed hardware with changes to the operating system to deliver what Apple describes as “industry-first, always-on” memory safety protection. According to Apple’s security researchers, the system is primarily designed to defend against sophisticated attacks from so-called “mercenary spyware,” rather than from typical consumer malware.

“Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products,” the company wrote in a blog posted Tuesday. “Because of how dramatically it reduces an attacker’s ability to exploit memory corruption vulnerabilities on our devices, we believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.”

Memory corruption vulnerabilities have long accounted for some of the most pervasive threats to operating system security. These flaws happen when software doesn’t properly control how it reads from or writes to memory, allowing attackers to change, overwrite, or access parts of a computer’s memory they shouldn’t be able to.

Exploits targeting these flaws — in particular buffer overflows and use-after-free errors — have underpinned the sophisticated, multi-million-dollar exploit chain that powers spyware. Attackers exploit these flaws, often in “zero-click” (no user interaction required) scenarios, to run harmful code, steal data, or crash systems. For example, NSO Group’s Pegasus spyware was powered by three memory corruption vulnerabilities that were chained together. 

Recognizing this, Apple expanded efforts over the past five years to address memory safety “at scale.” The company worked closely with the chip designer Arm to improve a memory protection system where memory checks happen immediately, every single time memory is used, instead of sometimes waiting, which could leave a small window open for attackers. This led to the creation of Enhanced Memory Tagging Extension (EMTE), a key part of Apple’s new system.

EMTE works by giving each piece of memory a special secret tag. Whenever the device tries to use a particular section of memory, the hardware checks the tag to make sure it is correct. If the tag doesn’t match what is expected, the device will immediately stop the program and record the incident. By ensuring every block of memory has its own unique tag, and by changing these tags whenever memory is reused, Apple’s system blocks unauthorized access efforts before they can cause damage.
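A small software model of the tag check described above, added here as an illustration; it is not Apple's code and not part of the original article. The 16-byte granule and 4-bit tag carried in high pointer bits are assumptions borrowed from Arm's MTE design, tags are picked deterministically so the run is reproducible (real hardware tags are unpredictable), and every name in it (`tagged_alloc`, `checked_access`, and so on) is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model: one tag per 16-byte granule, with a copy kept in high pointer
 * bits. Granule size and 4-bit tags are assumptions taken from Arm MTE. */
#define GRANULE   16u
#define NSLOTS    8u
#define TAG_SHIFT 56
typedef uint64_t tptr;                 /* arena offset | (tag << 56) */

static uint8_t  arena[NSLOTS * GRANULE];
static uint8_t  mem_tag[NSLOTS];       /* tag the "hardware" holds per granule */
static uint8_t  in_use[NSLOTS];
static unsigned fault_count;           /* stands in for "stop and record" */

static uint8_t  ptr_tag(tptr p) { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }
static uint64_t ptr_off(tptr p) { return p & ((1ULL << TAG_SHIFT) - 1); }

/* Choose a tag 1..15 that differs from the slot's previous tag and from both
 * neighbours. Deterministic here; real hardware tags are unpredictable. */
static uint8_t pick_tag(unsigned s) {
    uint8_t t = mem_tag[s];
    do {
        t = (uint8_t)(t % 15 + 1);
    } while ((s > 0 && mem_tag[s - 1] == t) || (s + 1 < NSLOTS && mem_tag[s + 1] == t));
    return t;
}

tptr tagged_alloc(void) {              /* returns 0 when the arena is full */
    for (unsigned s = 0; s < NSLOTS; s++) {
        if (in_use[s]) continue;
        in_use[s] = 1;
        mem_tag[s] = pick_tag(s);
        return ((tptr)mem_tag[s] << TAG_SHIFT) | (s * GRANULE);
    }
    return 0;
}

void tagged_free(tptr p) {
    uint64_t s = ptr_off(p) / GRANULE;
    if (s >= NSLOTS || !in_use[s] || mem_tag[s] != ptr_tag(p)) { fault_count++; return; }
    in_use[s] = 0;
    mem_tag[s] = pick_tag((unsigned)s); /* retag so stale pointers stop matching */
}

/* Every access compares the pointer's tag with the granule's tag first. */
uint8_t *checked_access(tptr p, uint64_t idx) {
    uint64_t addr = ptr_off(p) + idx;
    if (addr < sizeof arena && mem_tag[addr / GRANULE] == ptr_tag(p)) return &arena[addr];
    fault_count++;                     /* mismatch: access refused and counted */
    return NULL;
}

int main(void) {
    tptr a = tagged_alloc(), b = tagged_alloc();
    int ovf = checked_access(a, GRANULE) == NULL;  /* spills into b's granule */
    tagged_free(a);
    int uaf = checked_access(a, 0) == NULL;        /* stale pointer after free */
    printf("overflow blocked=%d uaf blocked=%d b ok=%d faults=%u\n",
           ovf, uaf, checked_access(b, 0) != NULL, fault_count);
    return 0;
}
```

The overflow is caught because the neighbouring granule carries a different tag, and the stale pointer is caught because the slot was retagged on free and again on reuse.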

“Apple has a deep understanding of this problem space, and because they control both the hardware (Apple Silicon) and the software (iOS), they have the unique ability to engineer a tightly integrated and very effective security mechanism,” said Patrick Wardle, co-founder and CEO of DoubleYou, a company that specializes in Apple security. “This kind of approach, which depends on tight coupling between the chip and the operating system, is something most other vendors cannot replicate as easily since they do not own both sides of the stack.”

The company acknowledges in a blog post that the system does not entirely eliminate spyware’s ability to be executed on an Apple device, but makes it extremely difficult for attacks to successfully run spyware or maintain access if a device has been compromised. 

“While there’s no such thing as perfect security, MIE is designed to dramatically constrain attackers and their degrees of freedom during exploitation,” the blog post reads. 

The efforts mirror similar systems put in place by Microsoft, which has a memory integrity feature in Windows 11, and Google, which has a similar system in its Pixel devices.

Natalia Krapiva, senior tech-legal counsel at Access Now, told CyberScoop she thought it was “great” that Apple was taking effective measures since it’s “always a cat-and-mouse” game when large tech companies create ways to thwart spyware developers.

“These spyware developers like finding new ways of targeting people, evading detection and so on,” Krapiva told CyberScoop. “This is great to see Apple coming up with new ways to protect high-risk users.”

The one drawback Krapiva did highlight is that this system is only available on new devices. Access Now works internationally with groups that are often targeted by spyware on devices that are several generations older than what most consumers use.

“For our communities, oftentimes these are grassroots, independent media. It’s very hard to afford new devices, especially Apple devices,” she told CyberScoop. “It could be a nice thing for Apple to have some kind of a program to allow for these types of groups to be able to access this.”

MIE can also be taken advantage of by third-party applications, including social media and messaging applications. Additionally, EMTE is available to all Apple developers in Xcode, its developer toolkit, as part of the Enhanced Security feature it rolled out earlier this year. 

The post Apple’s new Memory Integrity Enforcement system deals a huge blow to spyware developers appeared first on CyberScoop.

Microsoft Patch Tuesday, September 2025 Edition

9 September 2025 at 17:21

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

Microsoft assigns security flaws a “critical” rating when malware or miscreants can exploit them to gain remote access to a Windows system with little or no help from users. Among the more concerning critical bugs quashed this month is CVE-2025-54918. The problem here resides with Windows NTLM, or NT LAN Manager, a suite of code for managing authentication in a Windows network environment.

Redmond rates this flaw as “Exploitation More Likely,” and although it is listed as a privilege escalation vulnerability, Kev Breen at Immersive says this one is actually exploitable over the network or the Internet.

“From Microsoft’s limited description, it appears that if an attacker is able to send specially crafted packets over the network to the target device, they would have the ability to gain SYSTEM-level privileges on the target machine,” Breen said. “The patch notes for this vulnerability state that ‘Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network,’ suggesting an attacker may already need to have access to the NTLM hash or the user’s credentials.”

Breen said another patch — CVE-2025-55234, an 8.8 CVSS-scored flaw affecting the Windows SMB client for sharing files across a network — also is listed as a privilege escalation bug but is likewise remotely exploitable. This vulnerability was publicly disclosed prior to this month.

“Microsoft says that an attacker with network access would be able to perform a replay attack against a target host, which could result in the attacker gaining additional privileges, which could lead to code execution,” Breen noted.

CVE-2025-54916 is an “important” vulnerability in Windows NTFS — the default filesystem for all modern versions of Windows — that can lead to remote code execution. Microsoft likewise thinks we are more than likely to see exploitation of this bug soon: The last time Microsoft patched an NTFS bug was in March 2025 and it was already being exploited in the wild as a zero-day.

“While the title of the CVE says ‘Remote Code Execution,’ this exploit is not remotely exploitable over the network, but instead needs an attacker to either have the ability to run code on the host or to convince a user to run a file that would trigger the exploit,” Breen said. “This is commonly seen in social engineering attacks, where they send the user a file to open as an attachment or a link to a file to download and run.”

Critical and remote code execution bugs tend to steal all the limelight, but Tenable Senior Staff Research Engineer Satnam Narang notes that nearly half of all vulnerabilities fixed by Microsoft this month are privilege escalation flaws that require an attacker to have gained access to a target system first before attempting to elevate privileges.

“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Narang observed.

On Sept. 3, Google fixed two flaws that were detected as exploited in zero-day attacks, including CVE-2025-38352, an elevation of privilege in the Android kernel, and CVE-2025-48543, also an elevation of privilege problem in the Android Runtime component.

Also, Apple recently patched its seventh zero-day (CVE-2025-43300) of this year. It was part of an exploit chain used along with a vulnerability in the WhatsApp (CVE-2025-55177) instant messenger to hack Apple devices. Amnesty International reports that the two zero-days have been used in “an advanced spyware campaign” over the past 90 days. The issue is fixed in iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.

The SANS Internet Storm Center has a clickable breakdown of each individual fix from Microsoft, indexed by severity and CVSS score. Enterprise Windows admins involved in testing patches before rolling them out should keep an eye on askwoody.com, which often has the skinny on wonky updates.

AskWoody also reminds us that we’re now just two months out from Microsoft discontinuing free security updates for Windows 10 computers. For those interested in safely extending the lifespan and usefulness of these older machines, check out last month’s Patch Tuesday coverage for a few pointers.

As ever, please don’t neglect to back up your data (if not your entire system) at regular intervals, and feel free to sound off in the comments if you experience problems installing any of these fixes.

Apple Adds Hypertension and Sleep-Quality Monitoring To Watch Ultra 3, Series 11

By: BeauHD
9 September 2025 at 17:25
Apple's new Watch lineup introduces blood pressure monitoring, sleep scoring, and upgraded hardware across the Series 11 ($399), Ultra 3 ($799), and SE 3 ($249). Ars Technica reports: The Apple Watch 11 is supposed to be able to alert users about "possible hypertension" by using data from an optical heart rate sensor "to analyze how a user's blood vessels respond to the beats of the heart," per its announcement. According to Apple's presentation, the smartwatch will look for chronic hypertension over 30-day periods. Apple's presentation noted that the Watch Series 11 won't be able to identify all hypertension, but the company said that it expects to notify over 1 million people with undiagnosed hypertension during the feature's first year of availability. The feature is based on machine-learning and training data built from multiple studies examining over 100,000 people combined, Apple noted. Apple said it expects the blood pressure monitoring feature to receive Food and Drug Administration clearance soon and to get approval in 150 regions this month. The new watch will use a 5G modem and also introduce a feature that provides wearers with a "sleep score" that's based on the duration of their sleep, the consistency of their bedtime, how often they awaken from their sleep, and how much time they spend in each sleep stage. The Watch will analyze those factors every night and then provide a breakdown of how each score is calculated. The feature is based on an algorithm tested with 5 million nights of sleep data, Apple said. Other updates include the use of INX glass with ceramic coating that's supposed to make the Watch Series 11 two times more scratch-resistant than its predecessor. The Apple Watch Ultra 3 also debuted with hypertension notifications and sleep scoring, but comes equipped with a brighter edge-viewable OLED display, stronger radios with 5G and satellite support, and a larger 42-hour battery. It starts at $799. 
Meanwhile, the budget-friendly SE 3 adds the new S10 chip with always-on display, faster charging, and expanded health tracking -- including sleep scores, apnea alerts, and temperature monitoring. It starts at $249.

Read more of this story at Slashdot.
