https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Events
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Events
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
  • IWCE
    • Back
    • Conference
    • WHY ATTEND
    • Exhibitor Listings
    • Floor Plan
    • Exhibiting Information
    • Registration Opens April 2019-Join Our Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

Attackers continue to nibble at Apple’s iOS security

Attackers continue to nibble at Apple’s iOS security

  • Written by Robert Lemos / Dark Reading
  • 3rd February 2021

Three vulnerabilities in Apple’s mobile software could be used to power drive-by download attacks and chained to exploit either iPhones or iPads, a researcher with security firm Kaspersky warned this week.

Last week, Apple released an update to fix the three vulnerabilities — one in the kernel used by iOS and iPadOS and two in the WebKit browser library — noting that the company had reports of the issues being actively exploited. While Kaspersky revealed no details on how the exploits are being used, the fact that two vulnerabilities are in the basic software used to power the Safari browser means the attack surface is quite large.

The actual scenario quite likely depends on the attackers’ aims, says Victor Chebyshev, security analyst at Kaspersky.

“If an attacker is interested only in browser data such as history or credentials, he or she will exploit the browser vulnerability,” he says. “However, our experience shows us that cybercriminals are often interested in being on infected devices as long as possible, [so will use] an exploit chain to achieve persistence on the device and data extraction of things like social media conversations and messenger data.”

Apple’s iPhone and iPad products are regularly targeted by attackers. In a November update, the company patched three issues in iOS and the iPadOS that were also being actively exploited, according to Google’s Project Zero team, which reported the issues. In addition, commercial spyware providers have incorporated exploits for Apple’s mobile operating systems purchased from the gray market to allow the governments of smaller nations to conduct “zero-click” attacks, The Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs and Public Policy at University of Toronto, documented in late December.

Apple’s iOS currently appears to have more than a quarter of the worldwide market share for mobile operating systems, compared with more than 70% for Android-powered mobile devices, according to StateCounter’s GlobalStats report.

While users of Android devices need to beware of malicious files and may want to consider running anti-malware solutions, users of Apple’s mobile operating systems need to worry most about fileless attacks, such as drive-by downloads, which the current vulnerabilities would allow, says Chebyshev.

To read the complete article, visit Dark Reading.

 

Tags: Applications Companies Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Funding Incident Command/Situational Awareness News Policy Public Safety Regional Coordination Security Software State & Local Government Subscriber Devices System Operation Test & Measurement Tracking, Monitoring & Control Partner content

Related


  • How SolarWinds busted up our assumptions about code signing
    How SolarWinds busted up our assumptions about code signing
    As the fallout from the SolarWinds hack broadens, we continue to learn more about just how it happened in the first place. There have now been four malware strains identified, one being Sunspot, which was installed on the SolarWinds build server that developers use to piece together software applications. When it comes to software supply chains, […]
  • Senate American Rescue Plan calls for more than $60 million in direct aid for counties
    The U.S. Senate’s version of the 2021 American Rescue Plan maintains the $350 billion in state and local aid that was in the House bill, including $60.1 billion in direct aid to counties. The U.S. Senate begin debating its version March 4. The House of Representatives passed its version of the $1.9 trillion bill Feb. […]
  • NTIA seeks potential new FirstNet Authority board members
    At least three new members are expected to be appointed to the FirstNet Authority board this year, when President Joe Biden’s administration theoretically could overhaul the governance body that oversees the nationwide public-safety broadband network (NPSBN) being built by contractor AT&T. Three Biden-administration representatives already fill three seats on the 15-member FirstNet Authority board, which […]
  • Smart-building projects target energy efficiency as launchpad to health and safety
    While enterprises take on smart building projects to reduce energy costs, COVID-19 has brought new priorities to the fore. With the continuing spread of the virus, many building operators have looked toward smart building systems to aid with tracking and tracing the virus among workers, physical distancing, contactless entry, temperature reading and other efforts to […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Biden to follow through on Trump-era China tech ban
  • Hytera, Motorola Solutions DMR royalty dispute to be decided by federal judge
  • Using data to improve emergency response resources in healthcare arena
  • 3 security flaws in devices and IoT that need fixing

Commentary


Ransomware? Let’s call it what it really is: extortionware

21st February 2021

Redefining communications for today’s mobile workforces

18th February 2021

Hi-tech sewer can help safeguard public health, environment and economies

18th February 2021
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Intel, Microsoft aim for breakthrough in DARPA encryption project dlvr.it/RvFcRV

9th March 2021
UrgentComm

Ericsson pulls the plug on MWC Barcelona again dlvr.it/RvFcQM

9th March 2021
UrgentComm

Intelsat and SES: C-band calm hides a brutal legal storm dlvr.it/RvCnwl

8th March 2021
UrgentComm

Securing the Industrial Internet of Things (IIoT) dlvr.it/RvCllK

8th March 2021
UrgentComm

ADRF targets smaller facilities with new in-building public-safety repeater dlvr.it/RvClgF

8th March 2021
UrgentComm

Microsoft adopted ‘aggressive’ strategy for sharing SolarWinds Attack intel dlvr.it/Rv9vmp

8th March 2021
UrgentComm

How SolarWinds busted up our assumptions about code signing dlvr.it/Rv25kB

5th March 2021
UrgentComm

Senate American Rescue plan calls for more than $60 million in direct aid for counties dlvr.it/Rv1wGF

5th March 2021

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X