Apple broke from its traditional release schedule by deploying iOS 26.5.2 and iPadOS 26.5.2 early, bundling nearly 30 security fixes ahead of the planned iOS 26.6 update. The accelerated rollout was driven by AI-powered hacking tools that have dramatically shortened the window between vulnerability disclosure and active exploitation. About half the fixes target WebKit, addressing memory corruption, sandbox escapes, and malicious web content issues, with three patches securing the iOS kernel. Notably, some vulnerabilities were discovered by researchers using AI tools including Anthropic's Claude and OpenAI's Codex Security. Apple confirmed no active exploitation has been detected but deemed the risk of delay too high, aligning with recent Five Eyes intelligence warnings about AI transforming cyber warfare.
Source: https://securityboulevard.com/2026/06/apple-speeds-iphone-security-patches-to-counter-ai-driven-hacking-threats. 8sync News only summarizes and links; copyright in the content belongs to the author and the original source.
Apple has acquired Swift Package Index (SPI), the search engine for open-source Swift packages, and its creator Dave Verwer will join Apple to continue developing it. SPI remains open source under the Apache 2.0 license, but Apple has committed to accelerating development, including package signing, identity features, and in particular removing the long-standing dependence on GitHub. SPI currently hosts more than 11,000 packages and will gradually move to a registry model that is independent of the source-hosting platform. Some developers are concerned about an independent community resource falling under complete corporate control.
Developers should read this article to understand how Apple could improve the independence and efficiency of the Swift development ecosystem by removing the dependence on GitHub and building an open, more secure platform for the community.
Anthropic's Mythos AI model discovered vulnerabilities in classified US government systems during a controlled red-team test, not as the result of an outside attack. The result underscores Mythos's ability to find thousands of zero-day vulnerabilities across major operating systems and browsers, even though the US government had previously restricted public release of the model after a separate jailbreak.
The findings about the ability to detect vulnerabilities in US national security systems show that a powerful AI such as Mythos can become an important tool in security, but they also raise challenges around control and fair use, an issue that needs to be discussed in order to build a safe and transparent ecosystem for AI technology.
A ransomware group has leaked sensitive Apple iPhone 18 Pro files on the dark web after stealing data from Tata Electronics, Apple's Indian manufacturing partner. The leaked files include component lists, supplier mappings, and drop-test photos of unreleased iPhone 18 Pro models marked 'confidential.' The breach exposes Apple's supplier relationships and bargaining vulnerabilities, coming at a sensitive time as India now accounts for 26% of global iPhone production and Apple is expected to raise iPhone prices. Tata has restricted internal system access and hired a forensic auditor in response.
The UK's Competition and Markets Authority (CMA) has proposed allowing app developers to steer users toward off-platform payment options outside Apple and Google's app stores. Any steering fees platforms charge would need to be fair, reasonable, and lower than current commissions, with savings passed to consumers. The CMA is also considering forcing Apple to open NFC chip access for third-party tap-to-pay features. Google claims it has already made similar changes via new Play Store terms, while Apple has not commented. The proposals are part of the UK's new digital markets regime and run parallel to the EU's Digital Markets Act, reflecting a global regulatory trend pushing back against platform payment monopolies.
Apple is accelerating its security update cadence by decoupling fixes from the annual iOS release cycle. The company cites AI's ability to dramatically shorten the time between vulnerability disclosure and exploitation — AI tools can analyze patches and help attackers reverse-engineer exploits faster than before. Apple's response is preventive: push fixes to devices before attackers can weaponize known flaws. No evidence of active exploitation was cited; the shift is procedural, moving standalone security updates earlier rather than waiting for bundled major releases.
Analysis of over 1,000 recovered AI agent sessions from a real attacker's working directory reveals how AI-assisted intrusions actually operate. The attacker bypassed AI safety guardrails not through technical jailbreaks, but by simply framing each session as an authorized red-team exercise. Across 1,000+ malicious sessions, only a handful of policy violations were raised. The attacker exploited known, published CVEs (CitrixBleed 2, Ghostscript, Livewire) rather than novel zero-days, using AI to automate reconnaissance and exploitation at scale. The core argument: model-side guardrails are insufficient because they operate inside the conversation where intent can be freely asserted. Independent verification — a layer that evaluates what code actually does rather than what the prompt claims — is the structural defense needed. The attacker was ultimately identified not by AI safeguards but by his own carelessness, having used the same agent to polish his resume containing his real identity.
The US Supreme Court has agreed to hear Apple's appeal of a contempt finding stemming from its legal battle with Epic Games over App Store fees. Lower courts found Apple willfully defied a 2021 order requiring it to allow developers to direct users to external payment options. Apple complied but imposed a 27% commission on external-link purchases, which courts ruled effectively nullified the order. The Ninth Circuit upheld the contempt finding but said a full ban on commissions went too far, allowing Apple to charge fees 'genuinely and reasonably necessary' for coordinating external purchases. The Supreme Court will hear the case in its October term, with a ruling expected by June 2027. The outcome could set global precedent for how Apple manages App Store fees, with regulators in the EU, Brazil, India, and the UK all watching closely.
A ransomware group called World Leaks has published files stolen from Tata Electronics, Apple's manufacturing partner in India, exposing iPhone 18 Pro component lists, supplier names, and photographs from drop tests. The leaked bill of materials reveals Apple's supplier architecture — including where it sources from multiple vendors for bargaining leverage and where single-source dependencies create supply chain vulnerabilities. The breach is the second ransomware incident involving Tata, following an earlier claim of stolen Apple and Tesla trade secrets. Apple is investigating alongside Tata, but the supplier maps are already public, posing competitive and strategic risks beyond a typical privacy incident.