Description: The customer data of Apple Inc. and Meta Platforms Inc. was leaked to hackers who impersonates themselves as law enforcement officials in a forged emergency data requests. The leaked information included the basic subscriber details, such as a customer’s address, phone number and IP address. The company soon blocked the known compromised accounts from making requests and worked with law enforcement to respond to incidents involving suspected fraudulent requests.

Description: Apple fired Rivos, a startup firm for allegedly stealing its sensitive proprietary information of the firm through some of its employees. The former employees of Apple stole gigabytes of sensitive SoC specifications and design files at the request of Rivos as part of the recruiting process. According to the reports the startup wants to design chips that will compete with them. Apple filed the complaint to recover its trade secrets, to protect them from further disclosure.

Description: Apple's move to incorporate 'Apple Intelligence' with OpenAI's ChatGPT into iOS has raised security concerns, particularly from Elon Musk who labeled it as 'creepy spyware.' Despite the claims of a privacy breach, Apple ensures high privacy standards with their Private Cloud Compute system, designed to process core tasks on-device, and mask data origins during cloud-based AI computations. This architecture aims to prevent unauthorized data access, setting a new standard in AI privacy. However, potential threats to privacy and security cannot be overlooked, as data can be susceptible to interception or misuse when cloud processing is involved.

Description: The discovery of the new LightSpy spyware version targeting iPhones marks a significant security concern for Apple. This sophisticated and destructive malware compromises iOS devices, stealing sensitive information and hindering device functionality by blocking the boot-up process. The spyware utilizes old vulnerabilities to exfiltrate private data from widely-used apps, captures audio, and has a wide range of destructive capabilities including deleting user files and wiping browser history. The potential losses for individual users are substantial, ranging from personal privacy breaches to financial and data loss, while Apple's reputation for security may also suffer as a result.

Description: Apple has received a confidential order from the UK Home Office to create access into its Advanced Data Protection for iCloud, which may force them to compromise the end-to-end encryption feature or withdraw support in the UK. Complying with this could have implications for user privacy and data security worldwide if backdoor access is granted to government agencies.

Description: Unauthorized third parties had tampered the Apple’s Xcode software, a code library used by developers of Mac OS X and iOS applications, and published it on the net. Some developers downloaded it and used it to create their apps and uploaded the apps on Apple App Store. These apps could communicate with third parties details of your iOS devices and attempted to phish for iCloud passwords. Apple removed the tainted apps and started working with the developers to make sure they were using the proper version of Xcode to rebuild their apps.

Description: Following Apple's announcement of partnering with OpenAI to bring ChatGPT to iPhones, concerns regarding privacy and security have been raised. Despite Apple's claims about their sophisticated Private Cloud Compute (PCC) system ensuring end-to-end privacy, Elon Musk has labeled the integration as 'creepy spyware'. If the integration is implemented at the OS level, the potential for sensitive data exposure becomes a threat, creating a fear of Apple devices being banned from his companies, which could have a substantial impact on the brand's reputation and consumers' trust.

Description: LightSpy spyware has targeted iPhones, leveraging its destructive capabilities to disable the booting process of compromised devices. It employs a modular framework with advanced spying features, stealing sensitive data across various applications and personal files, recording audio, and gaining near-total control over the device. The updated version uses additional plugins to disrupt booting and includes a range of other malicious features. Despite using an older, patched vulnerability for infection, its recent deployment and functionalities such as file deletion, freezing devices, and faking push notifications to redirect users, raise significant concerns. The operators are suspected to be of Chinese origin, distributing the spyware through watering hole attacks.

Description: Mac owners who use the open source Transmission BitTorrent, hit by rare ransomware Attack, Spread via Transmission BitTorrent App. The attackers infected app’s official website, encrypted customers documents and data files. The attackers demanded a one bitcoin (approximately $400) ransom be paid and restore almost data’s safe.

Description: Apple has encountered a significant security issue with the discovery of the LightSpy spyware targeting iPhones up to version 13.3. This modular spyware can exfiltrate personal data, record audio, and obtain complete device control. LightSpy's new version employs destructive plugins capable of preventing devices from booting, deleting critical data, and initiating fake notifications. The multifaceted spyware utilizes privacy intrusions like accessing KeyChain data, stealing files, and taking camera shots, leading to the potential loss of consumer trust, financial liability, and a tarnished reputation for Apple.

Description: There is a flaw in the latest version of iOS that could fool iPhone users into visiting a malicious website rather than a safe one. With iOS 11 Apple introduced a new feature to its built-in camera app, giving users the ability to scan QR codes and access their content (such as URLs). In other words, just pointing the camera app on your iOS device at the QR code below will invite you to visit www.welivesecurity.com but it will show an unsuspicious-looking domain in the notification, but take an unwitting user to an entirely different URL in Safari.

Description: Apple's announcement to integrate AI in the form of 'Apple Intelligence' through a partnership with OpenAI and bring ChatGPT to iPhones has raised security and privacy concerns, especially from figures such as Elon Musk who labeled it as 'creepy spyware'. While Apple contends that its new technologies, like the Private Cloud Compute (PCC), will maintain user privacy by processing more complex AI tasks on cloud-based servers while keeping core tasks local, concerns are raised around potential security implications. Apple has developed an end-to-end AI architecture aiming to protect user data assiduously, but the introduction of such AI capabilities could potentially heighten the vulnerability to cyber threats if not secured adequately.

Description: A group of researchers know as 'Lagrange Point' have exploited regional restrictions of Apple's AirPods Pro 2, demonstrating that with a set of workarounds, geographical limitations can be bypassed. Despite the hardware's reliance on multiple geolocation checks, including Apple Store region connectivity, timezone, language, region settings, and Wi-Fi SSIDs, they achieved this by potentially altering the perceived IP address of the devices. This vulnerability exposes Apple to reputational damage and questions the robustness of their geofencing. There is no report of personal data loss or significant business impact; however, this incident can influence consumer trust and confidence in Apple's security measures.

Description: In a sophisticated cyber incident, limited attacks involving a new variant of macOS malware, identified as XCSSET, have been reported. Discovered by Microsoft Threat Intelligence, this malware variant has altered Xcode projects and exhibited advanced obfuscation, persistence mechanisms, and infection methods. While initially activated in 2022, the XCSSET threat has continued to evolve, challenging cybersecurity efforts with its enhanced techniques for encoding payloads and making it difficult to trace and understand the intent of obfuscated module names. Persistent attacks have been orchestrated using methods such as 'zshrc' to execute files in new shell sessions and 'dock' to replace legitimate Launchpad apps with malicious ones. The impact of this malware predominantly threatens the security of developers' environments and the integrity of software supply chains, potentially resulting in the compromise of data and the disruption of developer operations.

Description: The critical vulnerability in Apple's macOS systems posed a severe security risk by compromising system passwords through the Keychain mechanism. The flaw allowed unauthorized access to sensitive data without user consent, potentially leading to privacy breaches and theft of sensitive information. The issue highlights the necessity for enhanced security measures in Apple's operating system and has prompted calls for users to implement additional protections until an official patch is released by the company.

Description: A critical vulnerability in iOS (CVE-2025-24091) allowed any sandboxed application or widget extension to send low-level Darwin notifications that forced devices into a “Restore in Progress” state, triggering an endless reboot loop. The exploit—just a single line of code—bricked affected iPhones and iPads running versions prior to iOS/iPadOS 18.3, rendering them unusable without a full system restore. The persistent nature of the proof-of-concept attack, implemented in a widget that automatically relaunched on restart, meant devices would immediately reenter the reboot cycle upon each reboot, effectively denying service indefinitely. End users faced downtime, data loss risk if backups were outdated, increased support calls and repair costs, and potential reputational damage for enterprises relying on vulnerable devices. Apple released iOS 18.3 to address the issue with new entitlements on Darwin notifications and awarded a $17,500 bug bounty to the researcher.

Description: A critical sandbox escape vulnerability was discovered in multiple Apple operating systems, tracked as CVE-2025-31191. The flaw resides in the security-scoped bookmarks mechanism, which is intended to grant sandboxed applications persistent, user-approved access to files outside their containers. By exploiting a weak keychain protection model, a malicious process running inside any vulnerable sandboxed app can delete the legitimate signing secret for the ScopedBookmarkAgent and replace it with an attacker-controlled key. With the new key in place, the attacker can generate forged bookmarks for arbitrary files, inject them into the securebookmarks.plist, and bypass App Sandbox restrictions without additional user consent. This chain of actions enables unauthorized access to sensitive user data, including private documents and potentially system files, elevating privileges and paving the way for further exploitation. The proof-of-concept demonstrated by Microsoft showed an Office macro delivering the exploit, but any sandboxed app on macOS Ventura, Sequoia, Sonoma, iOS, iPadOS, or tvOS is at risk. Apple has released patches that improve state management to prevent key deletion and replacement, and users are urged to update immediately. Organizations leveraging Microsoft Defender for Endpoint can detect suspicious keychain manipulations related to this attack vector.

Description: A previously unknown zero-click vulnerability in Apple’s iMessage, dubbed 'NICKNAME,' affected iOS versions up to 18.1.1 and was exploited by sophisticated threat actors targeting high-profile individuals. The vulnerability allowed attackers to compromise iPhones without user interaction, requiring only the target’s phone number or Apple ID. The attack exploited a race condition in the imagent process, leading to memory corruption and potential code execution on targeted devices. The affected individuals included political campaign staff, journalists, tech executives, and government officials in the EU and the US. Apple patched the vulnerability in iOS 18.3.

Description: A zero-click attack leveraging a newly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon's Graphite mercenary spyware. The attack, which occurred in January and early February 2025, exploited a logic issue triggered when processing a maliciously crafted photo or video shared via an iCloud Link. The vulnerability was fixed in iOS 18.3.1, released on February 10. Apple acknowledged that this issue may have been exploited in a sophisticated attack against specific targeted individuals. Users who have upgraded to iOS 18.3.1 and later versions are safe from this attack. High-risk users are advised to enable Lockdown Mode and reboot their devices daily to minimize the attack surface.