Apple News Articles

Coruna framework: an exploit kit and ties to Operation Triangulation

Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit.

5 days ago

CISA orders feds to patch DarkSword iOS flaws exploited attacks

CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit.

1 week ago

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple countries.

2 weeks ago

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Apple backports CVE-2023-43010 WebKit fix after Coruna exploit kit abused iOS flaws, protecting older iPhones and iPads from memory corruption attacks

3 weeks ago

Apple Updates Legacy iOS Versions to Patch Coruna Exploits

Apple releases updates for legacy versions of iOS and iPadOS to address the recently disclosed Coruna exploits.

3 weeks ago

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google uncovered Coruna iOS exploit kit with 23 exploits across five chains targeting iPhones running iOS 13–17.2.1.

4 weeks ago

Apple discloses first actively exploited zero-day of 2026

The vendor said the memory-corruption defect was exploited to target specific people, but it did not describe the objectives of the attack.

New macOS TCC Bypass Vulnerability Allows Attackers to Access Sensitive User Data

By exploiting a private API within the ScreenReader.framework ,a core component of the VoiceOver accessibility feature malicious actors can gain unauthorized access to sensitive user data.

CISA Warns of Apple WebKit Vulnerability Actively Exploited in Attacks

CISA issued an urgent warning about a critical Apple WebKit zero-day vulnerability actively exploited in attacks.

Zero‑Day Vulnerabilities in Apple WebKit

Apple has released security updates to address two zero‑day vulnerabilities in WebKit that have been exploited in attacks. Users and administrators of affected Apple devices are strongly advised to update to the latest software versions immediately.

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Apple and Gladinet CentreStack and Triofox vulnerabilities to its Known Exploited Vulnerabilities catalog.

Apple Zero-Day Exploits Used in Targeted iPhone Spyware Attacks | eSecurity Planet

Apple confirmed two WebKit zero-days exploited in targeted iPhone spyware attacks.

Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users

Apple has issued critical security patches addressing two actively exploited zero-day vulnerabilities affecting iPhone and iPad devices.

'Landfall' Malware Targeted Samsung Galaxy Users

The tool let its operators secretly record conversations, track device locations, capture photos, and perform other surveillance on compromised devices.

Apple fixes critical font processing bug. Update now!

Apple has released a security update for macOS, iOS, iPadOS, and visionOS to patch a serious bug (CVE-2025-43400) in how devices handle fonts.

Apple backports zero-day patches to older iPhones and iPads

​Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Apple patches CVE-2025-43300 exploited with WhatsApp CVE-2025-55177, protecting under 200 targeted users.

Apple CarPlay RCE Exploit Left Unaddressed in Most Cars

Even when a vulnerability is serious and a fix is available, actually securing cars is more difficult than one would hope.

WhatsApp fixes vulnerability used in zero-click attacks

WhatsApp has patched a vulnerability that was used in conjunction with an Apple vulnerability in zero-click attacks.

Apple Fixes Zero Day Used in 'Sophisticated' Attack

CVE-2025-43300 is the latest zero-day flaw used in cyberattacks against "targeted individuals," which could signify spyware or nation-state hacking.

All Apple users should update after company patches zero-day vulnerability in all platforms

Apple has released security updates to patch a zero-day vulnerability tracked as CVE-2025-43300 for all platforms

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS after active exploitation reports.

CVE-2025-43199 Impact, Exploitability, and Mitigation Steps | Wiz

Understand the critical aspects of CVE-2025-43199 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.

Microsoft uncovered a security flaw affecting macOS’s Spotlight.

The vulnerability (CVE-2025-31199), which Apple patched in a March 31st update, could give bad actors access to files inside a device’s Downloads folder and data cached by Apple Intelligence. That includes geolocation data, media metadata, and facial recognition info, according to a report from Micr...

The Hidden Cost of Mac Vulnerabilities: Why Endpoint Security is a Strategic Investment in 2025

The Hidden Cost of Mac Vulnerabilities: Why Endpoint Security is a Strategic Investment in 2025