Security

An Apple security fix in iOS 15.6.1 back in August of last year was said to close two major security vulnerabilities, one of which could have allowed a rogue app to execute arbitrary code with kernel privileges (aka do Very Bad Things). But it’s now been revealed that the more serious vulnerability wasn’t closed after all.

Apple did succeed in blocking a specific way of exploiting the vulnerability, but didn’t address the root issue until last week’s iOS 16.5 update, some nine months later …

Included with iOS 16.5 comes a variety of important security fixes. There are 39 vulnerabilities addressed in the latest iOS update and Apple notes that three of them were reported as actively exploited.

We’ve been waiting for 1Password passkey support since last November, when the company first announced plans to include it. We learned a little more in an exclusive interview with the company’s CEO earlier this month, and we now know exactly when it will launch.

The company has revealed that passkeys will go live within 1Password on June 6. Unlocking 1Password itself with a Passkey will possible the following month. Video demos (below) show how the security feature will work …

IoT security company Sternum has discovered a vulnerability in one of Belkin’s smart home devices. Read on for the details about how the Wemo Mini Smart Plug V2 flaw can be exploited for remote command execution and why Belkin has decided not to patch it.

Twitter encrypted DMs have officially launched – but only between paid users, and the security feature doesn’t yet live up to Musk’s promise to use end-to-end (E2E) encryption for full privacy.

The company acknowledges this in a support document, and even Musk himself says you shouldn’t trust it …

AI voice scams are becoming more prevalent and can be extremely convincing because it sounds like you’re talking to a loved one. Now we’ve got an in-depth report that digs into how AI voice cloning works, how common the scams are, the likelihood of falling for one, the average cost, plus how to prevent and protect against AI voice scams.

As hacking tools become more and more powerful, it’s more crucial than ever to maintain good password habits – or fix weak spots. World Password Day is a good reminder to share best security practices with friends or family or see if you’re on top of everything yourself. Here are 8 important ways to check passwords and improve security.

In January, T-Mobile revealed it was hit by a data breach that impacted 37 million customers. Now the company has shared that it has seen another incident. The good(ish) news is this time it’s believed to only have affected 836 users but the bad news is the malicious party was able to steal sensitive info like social security numbers, full names, birth dates, contact information, T-Mobile account PINs, and more.

Ahead of World Password Day on May 4, NordPass has released a report showing that “password habits die hard” with a list of the most used passwords in the US and 29 other countries. For the US, many of the usual suspects are on the list, however, this time around “123456” is no longer the most popular password. The study also found 83% of these passwords can be cracked in “less than a second.”

So far this year we’ve seen a few reports about malware that’s affecting Macs. Now Elastic Security Labs has released its spring 2023 Global Threat Report. It offers a big-picture look at the state of malware including how often it’s impacting Mac vs Windows and Linux, the most common malware overall, the most common malware on Mac, and more.

Delivering on one of Proton Mail users’ top requests for years, Proton is starting the beta of its password manager. Naturally, coming from Proton, it features end-to-end encryption and is open source so anyone can audit the security features. Read on for all the details on this iCloud Keychain alternative.

Juice jacking popped into the mainstream consciousness this month as the FBI shared a warning to avoid public device charging to protect against the rise of malicious cables. While juice jacking can severely compromise devices, one security expert is raising awareness of a more common – but usually less critical threat – fake public WiFi connections.

An NSO zero-click iPhone hack worked by gaining access to HomeKit on the device, but it was blocked by those using Apple’s Lockdown Mode security feature, with the phone alerting them to the access attempt.

However, two other NSO zero-click attacks seemingly succeeded – both exploiting vulnerabilities in the Find My app …

As technology advances, scams are becoming quite sophisticated. One of the latest threats is AI voice cloning which a malicious party can use to make it seem like they have a loved one held hostage. Mix that with caller ID spoofing and it’s a very scary and convincing scam that can impact users on iPhone, Android, and really any phone. Read on for more details and how to protect against AI voice clone and caller ID spoofing scams.

Over the last several years, LockBit has become one of the most powerful ransomware gangs. While it has focused on Windows, Linux, and virtual host machines, it looks like the group has developed its first ransomware for Macs.

Juice jacking has become more and more prevalent in the last several years to the point where the FBI is now warning the public about it. But is juice jacking something iPhone owners need to be concerned about? Let’s look at how it can affect iPhone, three ways to prevent iPhone juice jacking, and more.

Over the past years, we’ve seen the problem of “juice jacking” grow at public charging stations for phones and other devices. Now the FBI considers the risk of juice jacking so high that it’s telling Americans to completely avoid using public chargers in airports, hotels, and malls.

Shortly after releasing new software for iPhone and Mac today with “important bug fixes and security updates,” Apple has detailed the specifics of the security flaws that have been patched. Notably, Apple has shared it has seen reports of them being exploited in the wild.

Alongside the release of iOS 16.4.1, Apple has pushed macOS 13.3.1 to all users. The update comes with bug fixes for emoji and the Auto Unlock feature as well as important security updates that patch two actively exploited vulnerabilities.