Yesterday Apple released several updates for its operating systems. iOS 26.0.1 and iPadOS 26.0.1 iOS 18.7.1 and iPad OS 18.7.1 macOS Tahoe 26.0.1 macOS Sequoia 15.7.1 macOS Sonoma 14.8.1 visionOS 26.0.1 watchOS 26.0.2 tvOS 26.0.1 Most include security updates.  Some have complained about battery drain on iOS 26 but I’ve found that right after a […]

The vulnerability could lead to a denial-of-service condition or memory corruption when a malicious font is processed.

The post Apple Updates iOS and macOS to Prevent Malicious Font Attacks appeared first on SecurityWeek.

Apple has announced major mobile and desktop platform releases and addressed an exploited bug in older platforms.

The post Apple Rolls Out iOS 26, macOS Tahoe 26 With Patches for Over 50 Vulnerabilities appeared first on SecurityWeek.

Yesterday, Apple released iOS/iPadOS/macOS/watchOS/and tvOS 26. You can stay with iOS 18 or MacOS 15 or upgrade to the 26 version. My recommendation for iPhones is to stick with iOS 18 for now. Whenever there is a major release, you want to watch for any issues or side effects. The latest version of iOS and […]

Apple released iOS 26, iPadOS 26 and macOS Tahoe 26 today, introducing Liquid Glass, a translucent design language that represents the biggest visual redesign since iOS 7 in 2013. The new interface elements dynamically refract and reflect background content across all three platforms. iOS 26 requires iPhone 11 or later and second-generation iPhone SE or newer. iPadOS 26 runs on the same hardware as iPadOS 18 except the 7th-generation iPad. macOS Tahoe 26 supports all Apple silicon Macs, the 2019 16-inch MacBook Pro, 2020 13-inch MacBook Pro, 2020 and later iMac, and 2019 and later Mac Pro. The transparent menu bar on macOS increases perceived display size. iOS 26's adaptive Lock Screen time display resizes around notifications and Live Activities. Desktop icons, folders, app icons and widgets support light, dark, tinted, and clear appearances across all systems. iOS 26 adds Visual Intelligence for on-screen content analysis through screenshot button combinations. Live Translation operates across Messages, FaceTime and Phone on all platforms, translating text and audio in real-time on-device. The Camera app received streamlined navigation and lens cleaning hints for iPhone 15 and later models. iPadOS 26 brings Mac-style windowing and multitasking. Apps support free-form placement and menu bars. The Phone app and new Apple Games app arrived on iPad. macOS gained the Phone app through Continuity, including Call Screening and Hold Assist features. Spotlight executes hundreds of actions without opening applications and automatically assigns quick keys to frequent actions. Apple Intelligence expands across all systems. The Shortcuts app gained intelligent actions for text summarization and image generation. The Wallet app tracks orders across platforms, while Apple Music introduced AutoMix for song transitions.

Read more of this story at Slashdot.

I often recommend updating your firmware to the latest before installing a feature release. But if you have ever followed my patching advice you will know that I stay away from betas, pre-release, and all other “bleeding edge” sort of software. I mean, the release software is buggy enough. Do we need to purposely choose […]

Apple has unveiled a comprehensive security system called Memory Integrity Enforcement (MIE) that represents a five-year engineering effort to combat sophisticated cyberattacks targeting individual users through memory corruption vulnerabilities.

The technology is built into Apple’s new iPhone 17 and iPhone Air devices, as well as the A19 and A19 Pro chips. It combines custom-designed hardware with changes to the operating system to deliver what Apple describes as “industry-first, always-on” memory safety protection. According to Apple’s security researchers, the system is primarily designed to defend against sophisticated attacks from so-called “mercenary spyware,” rather than from typical consumer malware.

“Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products,” the company wrote in a blog posted Tuesday. “Because of how dramatically it reduces an attacker’s ability to exploit memory corruption vulnerabilities on our devices, we believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.”

Memory corruption vulnerabilities have long accounted for some of the most pervasive threats to operating system security. These flaws happen when software doesn’t properly control how it reads from or writes to memory, allowing attackers to change, overwrite, or access parts of a computer’s memory they shouldn’t be able to.

Exploits targeting these flaws — in particular buffer overflows and use-after-free errors — have underpinned the sophisticated, multi-million-dollar exploit chain that powers spyware. Attackers exploit these flaws, often in “zero-click” (no user interaction required) scenarios, to run harmful code, steal data, or crash systems. For example, NSO Group’s Pegasus spyware was powered by three memory corruption vulnerabilities that were chained together. 

Recognizing this, Apple expanded efforts over the past five years to address memory safety “at scale.” The company worked closely with the chip designer Arm to improve a memory protection system where memory checks happen immediately, every single time memory is used, instead of sometimes waiting, which could leave a small window open for attackers. This led to the creation of Enhanced Memory Tagging Extension (EMTE), a key part of Apple’s new system.

EMTE works by giving each piece of memory a special secret tag. Whenever the device tries to use a particular section of memory, the hardware checks the tag to make sure it is correct. If the tag doesn’t match what is expected, the device will immediately stop the program and record the incident. By ensuring every block of memory has its own unique tag, and by changing these tags whenever memory is reused, Apple’s system blocks unauthorized access efforts before they can cause damage.

“Apple has a deep understanding of this problem space, and because they control both the hardware (Apple Silicon) and the software (iOS), they have the unique ability to engineer a tightly integrated and very effective security mechanism,” said Patrick Wardle, co-founder and CEO of DoubleYou, a company that specializes in Apple security. “This kind of approach, which depends on tight coupling between the chip and the operating system, is something most other vendors cannot replicate as easily since they do not own both sides of the stack.”

The company acknowledges in a blog post that the system does not entirely eliminate spyware’s ability to be executed on an Apple device, but makes it extremely difficult for attacks to successfully run spyware or maintain access if a device has been compromised. 

“While there’s no such thing as perfect security, MIE is designed to dramatically constrain attackers and their degrees of freedom during exploitation,” the blog post reads. 

The efforts mirror similar systems put in place by Microsoft, which has a memory integrity feature in Windows 11, and Google, which has a similar system in its Pixel devices.

Natalia Krapiva, senior tech-legal counsel at Access Now, told CyberScoop she thought it was “great” that Apple was taking effective measures since it’s “always a cat-and-mouse” game when large tech companies create ways to thwart spyware developers.

“These spyware developers like finding new ways of targeting people, evading detection and so on,” Krapiva told CyberScoop. “This is great to see Apple coming up with new ways to protect high-risk users.

The one drawback Krapiva did highlight is that this system is only available on new devices. AccessNow works internationally with groups that are often targeted by spyware on devices that are several generations older than what most consumers use. 

“For our communities, oftentimes these are grassroots, independent media. It’s very hard to afford new devices, especially Apple devices,” she told CyberScoop. “It could be a nice thing for Apple to have some kind of a program to allow for these types of groups to be able to access this.”

MIE can also be taken advantage of by third-party applications, including social media and messaging applications. Additionally, EMTE is available to all Apple developers in Xcode, its developer toolkit, as part of the Enhanced Security feature it rolled out earlier this year. 

The post Apple’s new Memory Integrity Enforcement system deals a huge blow to spyware developers appeared first on CyberScoop.

By Susan Bradley Be very careful with updates this month. KB5063878, an August 12 “routine” security update for Windows 11 24H2, seems to have sparked a potentially serious problem. I’ll get into that in a second, but the key takeaway is that I’m not lowering the MS-DEFCON level to 4 or 5, as I usually […]

Apple is out with its Patch Wednesday, releasing the following: iOS 18.6.2 and iPadOS 18.6.2 iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later 20 […]

Apple rushed an emergency software update to its customers Wednesday to address an actively exploited zero-day vulnerability affecting the software powering the company’s most popular devices. The out-of-bounds write defect — CVE-2025-43300 — allows attackers to process a malicious image file resulting in memory corruption. 

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in a series of security updates for iOS, iPadOS and macOS.

The Cybersecurity and Infrastructure Security Agency added the defect to its known exploited vulnerabilities catalog Thursday.

Apple did not say how many active exploits it’s aware of or how many people are impacted. The company did not respond to a request for comment. 

Apple typically shares limited details about in-the-wild exploitation of zero-days, yet it has used stronger language in at least five vulnerability disclosures this year to indicate when sophisticated attackers are involved or specific people are targeted by these attacks, according to Satnam Narang, senior staff research engineer at Tenable.

“This language suggests that Apple is being purposeful in its external communication,” Narang said in an email. “While the impact to the wider populace is smaller because the attackers exploiting CVE-2025-43300 had a narrow, targeted focus, Apple wants the public to pay attention to the threat and take immediate action.”

Apple said it improved bounds checking to address the vulnerability and advised customers on impacted versions of the affected software to apply the update immediately. The defect affects macOS versions before 13.7 and 15.6, iPadOS versions before 17.7 and iOS and iPadOS versions before 18.6.

“While the possibility of the average user being a target is low,” Narang said, “it’s never zero.”

The vulnerability marks the fifth zero-day Apple has addressed this year, including defects previously disclosed and patched in January, February, March and April. Apple defects have made seven appearances on CISA’s known exploited vulnerabilities this year.

More information about the vulnerability is available on Apple’s website.

The post Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS appeared first on CyberScoop.

Released back on July 29 and 30, iOS 18.6, iPadOS 18.6, iPadOS 17.7.9, Sequoia, Sonoma, Venture, etc., etc., all got updates. Safari 18.6 received an update on July 30. Often, I forget that Apple is dribbling out patches until I read it elsewhere, or my Defender for iOS pops up and recommends that I install […]

HISTORY By Ed Tittel Back in the early 1980s, standardized networking technology was still years off. During that period, I had to learn and work with AppleTalk, NetBEUI/NetBIOS, DECnet, IBM/SNA, IPX/SPX, OSI and — of course — TCP/IP. At one point, I could give you reasons why one might — or might not — choose […]

APPLE By Will Fastie Apple’s entire keynote for this year’s Worldwide Developers Conference focused on extensive changes to all its operating systems. There were no hardware or device announcements, but changes to macOS have profound ramifications for Intel-based Apple devices from previous generations. Some Apple users will be unhappy. Read the full story in our […]