September 22, 2023
Apple recently released two software updates for iOS and iPad OS for vulnerabilities that can form an exploit chain and are also known to install Predator spyware.
September 12, 2023
Apple released two security updates, 16.6.1 and 15.7.9 for iOS and iPadOS to address the vulnerabilities exploited by the BlastPass exploitation chain.
July 27, 2023
Apple released Rapid Security Response (RSR) late last week to cover for a vulnerability which is affecting all iPhones and iPads.
Apple released two new iOS versions, iOS 16.5.1 and iOS 15.7.7, last week. In a recently released Lookout threat guidance for Operation Triangulation, we described the severity of the Triangulation malware.
Triangulation malware is now known to be in use against Kaspersky employees for at least four years.
Apple recently released two critical updates for iOS with heavy security implications.
Pinduoduo, a large Chinese online retailer, recently had their app removed from both the Google Play Store and iOS App Store because of malicious activity in their app.
iOS 16.4.1 includes two critical fixes for two zero day vulnerabilities, CVE-2023-28206 and CVE-2023-28205, that have known exploits in the wild.
Apple recently released iOS 16.3.1, which includes a number of critical security fixes for vulnerabilities including CVE-2023-23514 and CVE-2023-23529.
Apple recently released two software updates with security fixes: iOS 16.1.2 and iOS 16.2.
Researchers at Lookout have discovered close to 300 mobile loan applications on Google Play and the Apple App Store that exhibit predatory behavior.
Apple recently released a software update to iOS 16.1 and iPadOS 16 to patch a zero-day kernel vulnerability identified as CVE-2022- 42827
Apple released a software update to iOS and iPadOS 15.6.1 to patch a zero-day kernel vulnerability identified as CVE-2022-32917.
Apple released a software update to iOS and iPadOS 15.6 to patch two core zero-day vulnerabilities, CVE-2022-32894 (Kernel) and CVE-2022-32893 (Webkit).
Apple released a software update to iOS and iPadOS 15.5 to patch 35 issues, including two critical vulnerabilities identified by Lookout which grant control of the device.
Apple released an urgent software update to iOS 15.3 to patch a vulnerability in Apple’s WebKit browser engine, which enabled attackers to execute arbitrary code remotely.
This one-page threat guidance provides insight into the newly-discovered Predator spyware, which was discovered alongside Pegasus on two Egyptians' phones.
Apple released an urgent software update for iOS 15.0.1, in response to the latest zero-day vulnerability in the IOMobileFrameBuffer.
Apple released an urgent software update for iOS 14.7 to patch a vulnerability that was found to be exploitable by attackers using the surveillanceware known as Pegasus.
Apple released an urgent software update to iOS 14.4 to patch a vulnerability in Apple’s WebKit browser engine, which enabled attackers to perform arbitrary cross-scripting.
A blackmail and sextortion campaign targeting individual users on both iOS and Android
The Lookout Threat Intelligence team has discovered a new mobile app threat targeting iOS and Android users in Chinese speaking countries, Korea and Japan.
The advertising SDK by Mintegral used in iOS apps had some risky permissions that could violate end-user privacy.
Lookout conducted an in-depth analysis of the fake TikTok Pro app and has classified it as toll fraud malware.
Unc0ver is a widely used jailbreak present in the market for some time, and more recently started taking advantage of an iOS kernel vulnerability discovered in 2019.
A vulnerability in the native iOS Mail app allowed an attacker to execute an attack with zero or one-click.
LightSpy was the malware behind the Poisoned News watering hole campaign on iOS.
Apple announced three exploitable vulnerabilities in iOS 14.3. Two of them were tied to the Apple WebKit, while the third was a vulnerability of the device kernel.
In January 2020, two US military organizations banned TikTok because of communication with servers in China and Russia.
ToTok is a very popular chat app used in the Middle East that was discovered to be spying on all its users despite not having any nefarious permissions built into the app.
Based on millions of iOS users that have installed Lookout and Lookout for Work apps, more than 80% of iPhones are vulnerable.
SimJacker is a vulnerability in the SIM card of certain iOS and Android devices that is executed via a specially crafted SMS message sent to the target device.
eSurvAgent is a sophisticated Android surveillanceware agent.
Lookout Security Intelligence has discovered Android and iOS surveillanceware tools targeting govt. officials, diplomats, military personnel, and activists.
Spectre & Meltdown are arguably two of the biggest vulnerabilities in computing and certainly mobile history.
Lookout have identified a mobile trojan called xRAT with extensive data collection functionality and the ability to remotely run a suicide function to avoid detection.
When WannaCry started disrupting business operations, mobile devices enabled some work to continue. However, the majority of business are unprepared for an attack on mobile.
Apple released an update to iOS (10.3) changing how Mobile Safari handles JavaScript pop-ups after Lookout discovered scammers using the functionality to execute scareware.
Today, Lookout released the technical details behind “Trident,” a series of iOS vulnerabilities that allow attackers to jailbreak a user’s device and install spyware.
Pegasus is a highly sophisticated piece of spyware that uses three previously unknown vulnerabilities called “Trident.” This is the most sophisticated mobile attack seen.
Lookout and our partners discovered another detail: three software holes were present in Apple’s Mac computers.
Trident allows an adversary to silently jailbreak an iOS device and stealthily spy on victims, collecting information from apps. Here’s what CISOs should know.
Apple released the latest version of iOS version 9.3.3 on July 18 including patches for 43 security vulnerabilities.
Pokemon Go, is arguably the biggest mobile game in US history, but while fame breeds fans — even employees in the enterprise — it also attracts many opportunistic attackers.
Lookout researchers have been tracking Android and iOS surveillanceware, that can exfiltrate contacts, recordings, photos, & more. Discover what was found.
Recently, news broke about a concerning app called InstaAgent. The app connects to the victim’s Instagram account and steals the user’s login credentials.
How did one of the most widely-used, South Korean government-approved "monitoring software" solutions actually leave children's data wide open? Learn more.
Lookout protects you from XcodeGhost by automatically detecting and alerting you to the offending app. See how iOS users are being protected with Lookout.
Researchers recently found a piece of iOS malware called XcodeGhost in a number of apps in the Apple App Store. XcodeGhost is a piece of malware that can steal data
The recently revealed KeyRaider is yet another proof point that malicious actors are looking to tinker with iOS.