InfoSecBulletin Cybersecurity for mankind
Apple has released iOS 18, the latest update for iPhones and iPads. Along with new features, it mainly focuses on fixing security vulnerabilities.
Apple’s iOS 18 has addressed 33 major security vulnerabilities that could have endangered millions of iPhone users. Without these fixes, hackers could have accessed personal data, controlled device functions, or stolen important information.
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Key Vulnerabilities Fixed in iOS 18:
Apple’s security bulletin reveals various vulnerabilities in iOS 18, affecting system apps, features, and services. Here are the key points:
Accessibility Flaws: Four serious accessibility-related vulnerabilities were identified. One flaw (CVE-2024-40840) lets an attacker with physical access use Siri to reach sensitive data on a locked iPhone. Another vulnerability (CVE-2024-44171) permits an attacker to control nearby devices through accessibility features, bypassing the lock screen security.
Bluetooth Exploit: A Bluetooth vulnerability (CVE-2024-44124) could let a malicious device, like a hacked keyboard, bypass pairing and connect to users’ devices. This is particularly risky since Bluetooth devices are usually trusted, exposing users to potential breaches.
Kernel Flaw: A serious vulnerability (CVE-2024-44165) may cause VPN traffic to leak outside a secure tunnel, compromising user privacy and the purpose of VPNs. This is particularly alarming for users who count on VPNs for safe internet access, as it could allow hackers to intercept sensitive data.
Mail App Flaw: A flaw in the Mail app (CVE-2024-40791) let apps access contact information without permission, risking exposure of details that could result in phishing or other fraud.
Siri Vulnerabilities: Besides the accessibility issue, two other Siri vulnerabilities were fixed. One (CVE-2024-44139 and CVE-2024-44180) allowed attackers with physical access to access contacts from the lock screen. The other (CVE-2024-44170) let apps obtain sensitive data through Siri without user permission.
Webkit Flaws: Webkit vulnerabilities (CVE-2024-44187) could have enabled harmful web content to exploit cross-site scripting attacks or steal cross-origin data. As Webkit powers Safari, this issue posed serious risks to user privacy while browsing online.
Wi-Fi Disconnection Attack: A flaw (CVE-2024-40856) in iOS 18’s Wi-Fi system could let hackers disconnect an iPhone from a secure network, making users vulnerable if they later reconnect to an insecure one.
