July 27, 2023
Apple released Rapid Security Response (RSR) late last week to cover for a vulnerability which is affecting all iPhones and iPads.
Apple released two new iOS versions, iOS 16.5.1 and iOS 15.7.7, last week. In a recently released Lookout threat guidance for Operation Triangulation, we described the severity of the Triangulation malware.
Triangulation malware is now known to be in use against Kaspersky employees for at least four years.
Google released an emergency patch for a new zero-day vulnerability tracked as CVE-2023-3079 on June 5th.
Apple recently released two critical updates for iOS with heavy security implications.
Google Project Zero listed 18 vulnerabilities in Samsung Exynos modems produced by Samsung Semiconductor.
iOS 16.4.1 includes two critical fixes for two zero day vulnerabilities, CVE-2023-28206 and CVE-2023-28205, that have known exploits in the wild.
Apple recently released iOS 16.3.1, which includes a number of critical security fixes for vulnerabilities including CVE-2023-23514 and CVE-2023-23529.
Apple recently released two software updates with security fixes: iOS 16.1.2 and iOS 16.2.
Google patched a new zero-day found in the GPU component of the Chromium open-source web browser causing a heap buffer overflow.
Google TAG under Project Zero revealed an active kill chain that exploits vulnerabilities in Samsung devices.
Google recently released a patch for a new zero-day vulnerability found in the Chromium open-source web browser project, which provides the codebase behind popular web browser
Apple recently released a software update to iOS 16.1 and iPadOS 16 to patch a zero-day kernel vulnerability identified as CVE-2022- 42827
Google released a patch for a new zero-day vulnerability found in the Chromium open-source web browser project, which provides the codebase behind some popular web browsers.
Apple released a software update to iOS and iPadOS 15.6.1 to patch a zero-day kernel vulnerability identified as CVE-2022-32917.
Apple released a software update to iOS and iPadOS 15.6 to patch two core zero-day vulnerabilities, CVE-2022-32894 (Kernel) and CVE-2022-32893 (Webkit).
Apple released a software update to iOS and iPadOS 15.5 to patch 35 issues, including two critical vulnerabilities identified by Lookout which grant control of the device.
Researchers recently discovered and disclosed to Google nine vulnerabilities in Google Chrome for Android. The vulnerabilities are CVE-2022-1633 through CVE-2022-1641.
Google's Threat Analysis Group recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-1364.
Google recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-0609.
Apple released an urgent software update to iOS 15.3 to patch a vulnerability in Apple’s WebKit browser engine, which enabled attackers to execute arbitrary code remotely.
There has been a critical vulnerability in Acrobat Reader for Android devices that could enable an unauthorized user to execute arbitrary code executing on the user’s device.
Apple released an urgent software update for iOS 15.0.1, in response to the latest zero-day vulnerability in the IOMobileFrameBuffer.
Security researchers recently unveiled a long-standing campaign that was being carried out by a new Iranian threat actor known as MalKamak.
Apple released an urgent software update for iOS 14.7 to patch a vulnerability that was found to be exploitable by attackers using the surveillanceware known as Pegasus.
A number of apps that come preinstalled on Android devices were found to have vulnerabilities that could be exploited on any Samsung device.
Attackers were able to gain access to EA's infrastructure with employee credentials in cookies from Slack and exfiltrate almost 1TB of data.
Several vulnerabilities discovered in the Pulse Secure VPN are being exploited by threat actors to bypass authentication and install malware in enterprise infrastructure.
Apple released an urgent software update to iOS 14.4 to patch a vulnerability in Apple’s WebKit browser engine, which enabled attackers to perform arbitrary cross-scripting.
The expanded remote workforce has increased organizations’ threat surface in the cloud, which resulted in a surge of attacks and breaches on Microsoft Office 365 services.
Solarwinds showed the effectiveness of a software supply chain attack, an effective tactic for compromising a high volume of devices with a single infected software update.
This vulnerability affects Chrome for Android v86.0.4240.185 and below. In the event of a successful exploit, the actor could access any capability that the browser has.
Vulnerability in Firefox for Android, found in the app's SSDP protocols, allows an attacker to trigger actions on a victim’s device if connected to the same Wi-Fi network.
This vulnerability in Instagram for Android app versions prior to 184.108.40.206.128 could allow attackers to take control of Instagram's functionality and permissions.
Unc0ver is a widely used jailbreak present in the market for some time, and more recently started taking advantage of an iOS kernel vulnerability discovered in 2019.
This new variant of the banking malware Cerberus has been observed being distributed via a breached MDM.
A vulnerability in the native iOS Mail app allowed an attacker to execute an attack with zero or one-click.
The Voatz vulnerability, discovered by researchers at MIT, could allow hackers to see someone’s vote or even change their vote.
Apple announced three exploitable vulnerabilities in iOS 14.3. Two of them were tied to the Apple WebKit, while the third was a vulnerability of the device kernel.
In January 2020, two US military organizations banned TikTok because of communication with servers in China and Russia.
Promon, a Lookout partner, reported on Strandhogg, a vulnerability in the Android OS that allows for one app to display an Activity in the UI context of another app.
Based on millions of iOS users that have installed Lookout and Lookout for Work apps, more than 80% of iPhones are vulnerable.
SimJacker is a vulnerability in the SIM card of certain iOS and Android devices that is executed via a specially crafted SMS message sent to the target device.
Spectre & Meltdown are arguably two of the biggest vulnerabilities in computing and certainly mobile history.
Today, Lookout released the technical details behind “Trident,” a series of iOS vulnerabilities that allow attackers to jailbreak a user’s device and install spyware.
Lookout and our partners discovered another detail: three software holes were present in Apple’s Mac computers.
Trident allows an adversary to silently jailbreak an iOS device and stealthily spy on victims, collecting information from apps. Here’s what CISOs should know.
Apple released the latest version of iOS version 9.3.3 on July 18 including patches for 43 security vulnerabilities.
Pokemon Go, is arguably the biggest mobile game in US history, but while fame breeds fans — even employees in the enterprise — it also attracts many opportunistic attackers.