May
7
7:00 AM07:00
Let Loose
Apple special event for May 7“, Let Loose.”, will be online and take place at 7 a.m. PT/10 a.m. ET.
Jun
10
to Jun 14
WWDC 2024
35th annual Worldwide Developers Conference is set to take place from Monday, June 10 to Friday, June 14.
Mar
11
12:00 PM12:00
February 2024’s Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign
Researchers uncovered a new campaign with FakeUpdates, also known as SocGolish, targeting and compromising WordPress websites with hacked admin accounts. Meanwhile, Play entered the top three of most wanted ransomware groups and education remained the most attacked sector worldwide
Our latest Global Threat Index for February 2024 saw researchers uncover a fresh FakeUpdates campaign compromising WordPress websites. These sites were infected using hacked wp-admin administrator accounts, with the malware adapting its tactics to infiltrate websites by utilizing altered editions of authentic WordPress plugins, and tricking individuals into downloading a Remote Access Trojan. Meanwhile, even following its takedown towards the end of February, Lockbit3 remained the most prevalent ransomware group, responsible for 20% of published attacks, and education continued to be the most impacted industry worldwide.
FakeUpdates, also known as SocGholish, has been operational since at least 2017, and uses JavaScript malware to target websites, especially those with content management systems. Often ranked the most prevalent malware in the Threat Index, the FakeUpdates malware aims to trick users into downloading malicious software and despite efforts to stop it, it remains a significant threat to website security and user data. This sophisticated malware variant has previously been associated with the Russian cybercrime group known as Evil Corp. Due to its downloader functionality, it is believed that the group monetizes the malware by selling access to the systems that it infects, leading to other malware infections if the group provides access to multiple customers.
Websites are the digital storefronts of our world, crucial for communication, commerce, and connection. Defending them from cyberthreats isn’t just about safeguarding code; it is about protecting our online presence and the essential functions of our interconnected society. If cybercriminals choose to use them as a vehicle to covertly spread malware, that could impact future revenue generation and the reputation of an organization. It is vital to put preventative measures in and adopt a culture of zero tolerance to ensure absolute protection from threats.
Mar
7
12:00 PM12:00
Safari 17.4
Released March 7, 2024
Safari Private Browsing
Available for: macOS Monterey and macOS Ventura
Impact: Private Browsing tabs may be accessed without authentication
Description: This issue was addressed through improved state management.
CVE-2024-23273: Matej Rabzelj
WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 263758
CVE-2024-23252: anbu1024 of SecANT
WebKit
Available for: macOS Monterey and macOS Ventura
Impact: A malicious website may exfiltrate audio data cross-origin
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 263795
CVE-2024-23254: James Lee (@Windowsrcer)
WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: A logic issue was addressed with improved validation.
WebKit Bugzilla: 264811
CVE-2024-23263: Johan Carlsson (joaxcar)
WebKit
Available for: macOS Monterey and macOS Ventura
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: An injection issue was addressed with improved validation.
WebKit Bugzilla: 266703
CVE-2024-23280: an anonymous researcher
WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: A logic issue was addressed with improved state management.
WebKit Bugzilla: 267241
CVE-2024-23284: Georg Felber and Marco Squarcina
Additional recognition
Safari
We would like to acknowledge Abhinav Saraswat and Matthew C for their assistance.
Mar
7
12:00 PM12:00
macOS Monterey 12.7.4
Released March 7, 2024
Admin Framework
Available for: macOS Monterey
Impact: An app may be able to elevate privileges
Description: A logic issue was addressed with improved checks.
CVE-2024-23276: Kirin (@Pwnrin)
Airport
Available for: macOS Monterey
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2024-23227: Brian McNulty
AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file system
Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2024-23269: Mickey Jin (@patch1t)
ColorSync
Available for: macOS Monterey
Impact: Processing a file may lead to unexpected app termination or arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2024-23247: m4yfly with TianGong Team of Legendsec at Qi'anxin Group
CoreCrypto
Available for: macOS Monterey
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key
Description: A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions.
CVE-2024-23218: Clemens Lang
Dock
Available for: macOS Monterey
Impact: An app from a standard user account may be able to escalate privilege after admin user login
Description: A logic issue was addressed with improved restrictions.
CVE-2024-23244: Csaba Fitzl (@theevilbit) of OffSec
Image Processing
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2024-23270: an anonymous researcher
ImageIO
Available for: macOS Monterey
Impact: Processing an image may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2024-23286: Dohyun Lee (@l33d0hyun)
ImageIO
Available for: macOS Monterey
Impact: Processing an image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2024-23257: Junsung Lee working with Trend Micro Zero Day Initiative
Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2024-23234: Murray Mike
Kerberos v5 PAM module
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2024-23266: Pedro Tôrres (@t0rr3sp3dr0)
Kernel
Available for: macOS Monterey
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: A memory corruption vulnerability was addressed with improved locking.
CVE-2024-23265: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Monterey
Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
Description: A memory corruption issue was addressed with improved validation.
CVE-2024-23225
libxpc
Available for: macOS Monterey
Impact: An app may be able to cause a denial-of-service
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-23201: Koh M. Nakagawa of FFRI Security, Inc. and an anonymous researcher
MediaRemote
Available for: macOS Monterey
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2023-28826: Meng Zhang (鲸落) of NorthSea
Metal
Available for: macOS Monterey
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2024-23264: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative
Notes
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-23283
PackageKit
Available for: macOS Monterey
Impact: An app may be able to elevate privileges
Description: An injection issue was addressed with improved input validation.
CVE-2024-23274: Bohdan Stasiuk (@Bohdan_Stasiuk)
CVE-2024-23268: Mickey Jin (@patch1t), and Pedro Tôrres (@t0rr3sp3dr0)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to access protected user data
Description: A race condition was addressed with additional validation.
CVE-2024-23275: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to bypass certain Privacy preferences
Description: The issue was addressed with improved checks.
CVE-2024-23267: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to overwrite arbitrary files
Description: A path handling issue was addressed with improved validation.
CVE-2024-23216: Pedro Tôrres (@t0rr3sp3dr0)
SharedFileList
Available for: macOS Monterey
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved file handling.
CVE-2024-23230: Mickey Jin (@patch1t)
Shortcuts
Available for: macOS Monterey
Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
Description: The issue was addressed with additional permissions checks.
CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)
Shortcuts
Available for: macOS Monterey
Impact: Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent
Description: This issue was addressed by adding an additional prompt for user consent.
CVE-2024-23245: an anonymous researcher
Storage Services
Available for: macOS Monterey
Impact: A user may gain access to protected parts of the file system
Description: A logic issue was addressed with improved checks.
CVE-2024-23272: Mickey Jin (@patch1t)
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
Published Date: March 07, 2024
Mar
5
12:00 PM12:00
Apple Updates macOS 14.3.1, iOS 17.4, iPadOS 17.4
If already at the base os version, these updates are highly recommended. If running an older operating system, a thorough evaluation and preparation is advised before upgrading.
Update macOS on Mac
Use Software Update
Before installing new software, it's a good idea to back up your Mac. If you have an external storage device, you can use it to back up your Mac with Time Machine.
To check for new software, open Software Update:
From the Apple menu in the corner of your screen, choose System Settings. Click General in the sidebar, then click Software Update on the right.
Or in earlier versions of macOS, choose Apple menu > System Preferences, then click Software Update.
If Software Update finds new software, click the Update or Upgrade button to download and install it. You will be asked to enter your administrator password, which is the password you use to log in to your Mac. During installation, your Mac might show a progress bar or blank screen several times.
Update your iPhone or iPad wirelessly
Back up your device using iCloud or your computer.
Plug your device into power and connect to the internet with Wi-Fi.
Go to Settings > General, then tap Software Update.
If you see more than one software update option available, choose the one that you want to install.
Tap Install Now. If you see Download and Install instead, tap it to download the update, enter your passcode, then tap Install Now. If you don't know your passcode, learn what to do.
Jan
22
12:00 PM12:00
Apple Updates macOS 14.3, iOS 17.3, iPadOS 17.3, watchOS 10.3, tvOS 17.3
If already at the base os version, these updates are highly recommended. If running an older operating system, a thorough evaluation and preparation is advised before upgrading.
Update macOS on Mac
Use Software Update
Before installing new software, it's a good idea to back up your Mac. If you have an external storage device, you can use it to back up your Mac with Time Machine.
To check for new software, open Software Update:
From the Apple menu in the corner of your screen, choose System Settings. Click General in the sidebar, then click Software Update on the right.
Or in earlier versions of macOS, choose Apple menu > System Preferences, then click Software Update.
If Software Update finds new software, click the Update or Upgrade button to download and install it. You will be asked to enter your administrator password, which is the password you use to log in to your Mac. During installation, your Mac might show a progress bar or blank screen several times.
Update your iPhone or iPad wirelessly
Back up your device using iCloud or your computer.
Plug your device into power and connect to the internet with Wi-Fi.
Go to Settings > General, then tap Software Update.
If you see more than one software update option available, choose the one that you want to install.
Tap Install Now. If you see Download and Install instead, tap it to download the update, enter your passcode, then tap Install Now. If you don't know your passcode, learn what to do.
Update directly on your Apple Watch
If your Apple Watch has watchOS 6 or later, you can install updates without your iPhone:
Make sure that your watch is connected to Wi-Fi.
On your watch, open the Settings app.
Tap General > Software Update.
Tap Install if a software update is available, then follow the onscreen instructions.
Update your Apple TV manually
Go to Settings > System > Software Updates and select Update Software.
If there's an update, select Download and Install.
Wait for your Apple TV to download the update. Keep your Apple TV connected and plugged in to power until the update is complete.
After the update downloads, your Apple TV will restart, prepare the update, then install it. When the update is complete, your Apple TV will automatically restart again.
Jan
22
12:00 PM12:00
Apple Updates macOS Monterey 12.7.3
If already at macOS 12 Monterey, this update is highly recommended. If running an older operating system, or prompted to upgrade to a later operating system a thorough evaluation and preparation is advised before upgrading.
Update macOS on Mac
Use Software Update
Before installing new software, it's a good idea to back up your Mac. If you have an external storage device, you can use it to back up your Mac with Time Machine.
To check for new software, open Software Update:
From the Apple menu in the corner of your screen, choose System Settings. Click General in the sidebar, then click Software Update on the right.
Or in earlier versions of macOS, choose Apple menu > System Preferences, then click Software Update.
If Software Update finds new software, click the Update or Upgrade button to download and install it. You will be asked to enter your administrator password, which is the password you use to log in to your Mac. During installation, your Mac might show a progress bar or blank screen several times.
If you are prompted for a later macOS that you do not want to upgrade to, look for: “Other updates are available.” (scroll down if necessary) and click on “More Info...”
That will reveal the macOS Monterey 12.7.3 Update.
Jan
9
12:00 PM12:00
Magic Keyboard Firmware Update 2.0.6
Bluetooth
Available for: Magic Keyboard; Magic Keyboard (2021); Magic Keyboard with Numeric Keypad; Magic Keyboard with Touch ID; and Magic Keyboard with Touch ID and Numeric Keypad
Impact: An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic
Description: A session management issue was addressed with improved checks.
CVE-2024-0230: Marc Newlin of SkySafe
Firmware updates are automatically delivered in the background while the Magic Keyboard is actively paired to a device running macOS, iOS, iPadOS, or tvOS.
You can check the firmware version of your Magic Keyboard in Bluetooth settings on your Mac. Go to System Settings > Bluetooth, then click on the Info button next to your keyboard. After this firmware update is installed, the firmware version is 2.0.6.
Oct
30
5:00 PM17:00
Oct
25
12:30 PM12:30
Updates... macOS 17,1 iOS/iPadOS 17.1 and more
iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
macOS Sonoma
macOS Ventura
macOS Monterey
Apple TV HD and Apple TV 4K (all models)
Apple Watch Series 4 and later
macOS Monterey and macOS Ventura
Sep
21
8:00 AM08:00
Sep
20
12:00 PM12:00
Windows Ends Installation Path for Free Windows 7/8 Upgrade
Created Date: 2023-09-20 | Last Modified: 2023-09-20
Microsoft's free upgrade offer for Windows 10 / 11 ended July 29, 2016. The installation path to obtain the Windows 7 / 8 free upgrade is now removed as well. Upgrades to Windows 11 from Windows 10 are still free.
Details
To upgrade to Windows 11, devices must meet the Windows 11 minimum system requirements. Some Windows 10 features aren't available in Windows 11. System requirements to experience some Windows 11 features and apps will exceed the Windows 11 minimum system requirements. Find Windows 11 specs, features, and computer requirements.
Get Windows 11 - How to Get Windows 11 for Your Compatible PC | Microsoft.
Sep
12
10:00 AM10:00
Wonderlust Event
Dropping a line
Maybe this time
It's wanderlust for me
Between 1978 and 2006 there were a number of legal disputes between Apple Corps (owned by The Beatles) and the computer manufacturer Apple Computer (now Apple Inc.) over competing trademark rights.
Jul
26
8:00 AM08:00
My Photo Stream shutdown - Final
Information about the My Photo Stream shutdown
My Photo Stream is shutting down on July 26, 2023. Learn more about this transition and how to keep your photos up to date across all your devices and safely stored in iCloud.
My Photo Stream is scheduled to be shut down on July 26, 2023.
As part of this transition, new photo uploads to My Photo Stream from your devices will stop one month before, on June 26, 2023. Any photos uploaded to the service before that date will remain in iCloud for 30 days from the date of upload and will be available to any of your devices where My Photo Stream is currently enabled. By July 26, 2023, there will be no photos remaining in iCloud, and the service will be shut down.
The photos in My Photo Stream are already stored on at least one of your devices, so as long as you have the device with your originals, you won’t lose any photos as part of this process. If a photo you want isn't already in your library on a particular iPhone, iPad, or Mac, make sure that you save it to your library on that device.
Moving forward, iCloud Photos is the best way to keep the photos and videos you take up to date across all your devices and safely stored in iCloud.
Save photos currently in My Photo Stream
If your photos currently in My Photo Stream aren’t already in your library, you can save them to your device.
On your iPhone, iPad, or iPod touch
Open Photos and tap Albums.
Tap My Photo Stream > Select.
Tap the photos that you want to save, then tap the Share button > Save Image.
On your Mac
Open the Photos app, then open the My Photo Stream album.
Select any photos you want to save that aren't currently in your photo library.
Drag them from the My Photo Stream album to your Library.
Set up iCloud Photos
You can turn on iCloud Photos on any iPhone with iOS 8.3 or later, iPad with iPadOS 8.3 or later, or Mac with OS X Yosemite or later. After that, you can view your photos and videos in the Photos app on your iPhone, iPad, Mac, Apple TV, iCloud.com, and even sync them to a Windows PC using iCloud for Windows.
Learn how to set up iCloud Photos on all of your devices
Published Date: May 26, 2023
Jun
26
8:00 AM08:00
My Photo Stream shutdown - Pending
Information about the My Photo Stream shutdown
My Photo Stream is shutting down on July 26, 2023. Learn more about this transition and how to keep your photos up to date across all your devices and safely stored in iCloud.
My Photo Stream is scheduled to be shut down on July 26, 2023.
As part of this transition, new photo uploads to My Photo Stream from your devices will stop one month before, on June 26, 2023. Any photos uploaded to the service before that date will remain in iCloud for 30 days from the date of upload and will be available to any of your devices where My Photo Stream is currently enabled. By July 26, 2023, there will be no photos remaining in iCloud, and the service will be shut down.
The photos in My Photo Stream are already stored on at least one of your devices, so as long as you have the device with your originals, you won’t lose any photos as part of this process. If a photo you want isn't already in your library on a particular iPhone, iPad, or Mac, make sure that you save it to your library on that device.
Moving forward, iCloud Photos is the best way to keep the photos and videos you take up to date across all your devices and safely stored in iCloud.
Save photos currently in My Photo Stream
If your photos currently in My Photo Stream aren’t already in your library, you can save them to your device.
On your iPhone, iPad, or iPod touch
Open Photos and tap Albums.
Tap My Photo Stream > Select.
Tap the photos that you want to save, then tap the Share button > Save Image.
On your Mac
Open the Photos app, then open the My Photo Stream album.
Select any photos you want to save that aren't currently in your photo library.
Drag them from the My Photo Stream album to your Library.
Set up iCloud Photos
You can turn on iCloud Photos on any iPhone with iOS 8.3 or later, iPad with iPadOS 8.3 or later, or Mac with OS X Yosemite or later. After that, you can view your photos and videos in the Photos app on your iPhone, iPad, Mac, Apple TV, iCloud.com, and even sync them to a Windows PC using iCloud for Windows.
Learn how to set up iCloud Photos on all of your devices
Published Date: May 26, 2023
Jun
21
8:00 AM08:00
macOS Ventura 13.4.1
macOS Ventura 13.4.1
Released June 21, 2023
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
Description: An integer overflow was addressed with improved input validation.
CVE-2023-32434: Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 256567
CVE-2023-32439: an anonymous researcher
Mar
6
12:00 PM12:00
Eye4Fraud
In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the service and what appears to be individuals who'd placed orders on other services that implemented Eye4Fraud to protect their sales. The data included names and bcrypt password hashes for users, and names, phone numbers, physical addresses and partial credit card data (card type and last 4 digits) for orders placed using the service. Eye4Fraud did not respond to multiple attempts to report the incident.
Breach date: 25 January 2023
Date added to HIBP: 6 March 2023
Compromised accounts: 16,000,591
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Passwords, Phone numbers, Physical addresses
Feb
13
12:30 PM12:30
Feb
13
12:30 PM12:30
iOS 16.3.1 and iPadOS 16.3.1 Posted
The latest version of iOS and iPadOS is 16.3.1. Learn how to update the software on your iPhone, iPad, or iPod touch.
Feb
13
12:00 PM12:00
macOS 13.2.1 Update Posted
macOS Ventura 13.2.1
This update provides important bug fixes and security updates for your Mac.
Nov
9
7:00 PM19:00
Oct
10
8:00 AM08:00
Office 365 older devices and operating systems deprecated
Problems with Office 365 and older operating systems and devices.
Sep
12
8:00 AM08:00
iOS and iPadOS 15.7 Update
About the security content of iOS 15.7 and iPadOS 15.7
This document describes the security content of iOS 15.7 and iPadOS 15.7.
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
iOS 15.7 and iPadOS 15.7
Released September 12, 2022
Contacts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32911: Zweig of Kunlun Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: The issue was addressed with improved bounds checks.
CVE-2022-32917: an anonymous researcher
Maps
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32883: Ron Masas, breakpointhq.com
MediaLibrary
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A user may be able to elevate privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2022-32908: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: This issue was addressed with improved checks.
CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati
Safari Extensions
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A website may be able to track users through Safari web extensions
Description: A logic issue was addressed with improved state management.
WebKit Bugzilla: 242278
CVE-2022-32868: Michael
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to access photos from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32872: Elite Tech Guru
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
WebKit Bugzilla: 241969
CVE-2022-32886: P1umer, afang5472, xmzyshypnc
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
WebKit Bugzilla: 242762
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
Additional recognition
Game Center
We would like to acknowledge Joshua Jones for their assistance.
Identity Services
We would like to acknowledge Joshua Jones for their assistance.
Jun
6
to Jun 10
WWDC 2022 Swiftly approaching
Join developers worldwide from June 6 to 10 for an inspiring week of technology and community. Get a first look at Apple’s latest platforms and technologies in sessions, explore the newest tools and tips, and connect with Apple experts in labs and digital lounges. All online and at no cost.
May
16
2:30 PM14:30
macOS 12.4 Monterey Update posted
macOS Monterey 12.4 — Restart Required
macOS Monterey 12.4 includes enhancements to Apple Podcasts and bug fixes:
Apple Podcasts includes a new setting to limit episodes stored on your Mac and automatically delete older ones
Support for Studio Display Firmware Update 15.5, available as a separate update, refines camera tuning, including improved noise reduction, contrast, and framing
Some features may not be available for all regions or on all Apple devices. For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222
Apr
21
8:00 AM08:00
Apple has discontinued macOS Server
About macOS Server 5.7.1 and later
As of April 21, 2022, Apple has discontinued macOS Server. Existing macOS Server customers can continue to download and use the app with macOS Monterey.
The most popular server features—Caching Server, File Sharing Server, and Time Machine Server are bundled with every installation of macOS High Sierra and later, so that even more customers have access to these essential services at no extra cost.
To help you migrate from Profile Manager to other MDM solutions, learn about choosing an MDM solution and planning your MDM migration.
Services available in macOS and macOS Server
Learn about which services are available in macOS Server and which services have been migrated from macOS Server to macOS.
Services included in macOS Server 5.12 and later
The following services are included and fully supported in macOS Server 5.12 and later:
Profile Manager
Open Directory
Services included in macOS Server 5.7.1 through 5.11.1
The following services are included and fully supported in macOS Server 5.7.1 through 5.11.1:
Profile Manager
Open Directory
Xsan
Services migrated from macOS Server to macOS Big Sur and later
Command-line tools for Xsan management are included in macOS Big Sur and later. Learn more
Services migrated from macOS Server to macOS High Sierra and later
These services are now available in macOS High Sierra and later, and can be found in System Preferences > Sharing:
File Server
Caching Server
Time Machine Server
Service status
This table shows the status of each macOS Server service, and available alternatives.
ServiceStatusAlternativesProfile ManagerAvailable in Server 5.12.2Learn about choosing an MDM solutionXsanRemoved in Server 5.12Quantum, command-line tools built into macOSFTPRemoved in Server 5.4SFTP/SSHServer DocsRemoved in Server 5.4
iCloud Documents, Apache/WebDAVDHCPUI tools removed in Server 5.7.1bootpd, built into macOSDNSRemoved in Server 5.7.1BIND, Unbound, KnotDNSVPNRemoved in Server 5.7.1OpenVPN, SoftEther VPN, WireGuardFirewallUI tools removed in Server 5.7.1pf firewall (built into macOS)Mail ServerRemoved in Server 5.7.1
CalendarRemoved in Server 5.7.1CalendarServer, DavMail, Radicale, Kerio ConnectWikiRemoved in Server 5.7.1MediaWiki, PmWiki, XWiki, Confluence, WordPress WMX filesWebsitesUI tools removed in Server 5.7.1Apache HTTP Server (built into macOS), Nginx, LighttpdContactsRemoved in Server 5.7.1CalendarServer, DavMail, Kerio ConnectNetBoot/NetInstallUI tools removed in Server 5.7.1BOOTP, TFTP, HTTP, NFS (all built into macOS), NetSUS, BSDPyMessagesRemoved in Server 5.7.1ejabberd, Openfire, ProsodyRadiusRemoved in Server 5.7.1FreeRadiusAirPort ManagementRemoved in Server 5.7.1AirPort Utility
Apr
20
3:30 PM15:30
Jan
26
11:30 AM11:30
macOS 12 Monterey Update
Keeping your software up to date is one of the most important things you can do to maintain your Apple product's security.
The latest version of iOS and iPadOS is 15.3. Learn how to update the software on your iPhone, iPad, or iPod touch.
The latest version of macOS is 12.2. Learn how to update the software on your Mac and how to allow important background updates.
The latest version of tvOS is 15.3. Learn how to update the software on your Apple TV.
The latest version of watchOS is 8.4. Learn how to update the software on your Apple Watch.
Note that after a software update is installed for iOS, iPadOS, tvOS, and watchOS, it cannot be downgraded to the previous version.
Jan
12
3:00 PM15:00
Oct
25
11:00 AM11:00
macOS 12 Monterey Released
New features available with macOS Monterey.
macOS Monterey builds on the same powerful foundation as macOS Big Sur, while offering distinct experiences designed just for the capabilities of Mac.
Oct
4
11:00 AM11:00
FaceBook, Instagram, WhatsApp Outage
Facebook, Instagram and WhatsApp went offline for users across the globe, the social media giant said on Monday, as it worked on restoring its services.
Reuters could not immediately confirm the issue affecting the services, but the error message on the webpage of Facebook Inc suggested a problem with Domain Name System (DNS).
