Security

Apple today released macOS Big Sur 11.4, which comes with expanded support for external GPUs, bug fixes in Safari, and more. However, this update also makes the system more secure as it patches an exploit that let malware take screenshots without the user’s knowledge.

Apple released its 2021 Platform Security guide back in February with new details on M1 Macs, iOS 14, macOS Big Sur, watchOS 7, and more. Now the guide has been updated with specifics on how Touch ID on the new Magic Keyboard works, how iPhone unlock with Apple Watch in iOS 14.5 cryptography works, and more.

A security researcher with a solid track record in discovering Wi-Fi vulnerabilities has discovered new ones, some of which are part of the core security protocols of the Wi-Fi standard, so are present in virtually every device from 1997 onwards.

The flaws could be exploited to steal sensitive data, control smart home devices, and even take over some computers. There are, however, two pieces of good news. First, the real-life risks for ordinary users are very small. Second, it’s easy to protect yourself against even these small risks …

You may not remember, but a modified copy of Xcode that surfaced on the web in 2015 was responsible for injecting malware into several iPhone and iPad apps that were subsequently uploaded to the App Store. Now, thanks to the Epic vs. Apple trial, internal Apple emails have revealed that more than 128 million iOS users were affected by the “XcodeGhost” malware.

An award-winning iPhone hack was used by the Chinese government to spy on Uyghur Muslims, giving Beijing total control of their phones.

A detailed report says that Chinese white-hat hackers used to participate in the annual Pwn2Own contest designed to uncover and exploit zero-day security vulnerabilities. The hackers win cash prizes, and the issues are reported to the companies concerned so that they can be fixed before details are shared publicly …

A new study published today takes an in-depth look at how apps used in schools are sharing children’s data with third parties. The research found the majority of school apps transmit data and that Android is 8x more likely to be sending that data to “very high-risk” third parties than iOS.

Apple released updates for iPhone, iPad, Mac, and Apple Watch today with multiple security updates. The patched flaws involved malicious web content that could lead to arbitrary code execution – and Apple says they may have been actively exploited.

The Cellebrite Physical Analyzer – the most intrusive phone-cracking tool offered by the company – no longer supports the direct extraction of iPhone data, according to a document shared with us. This follows the discovery and exploitation of a vulnerability by secure messaging app Signal.

Signal discovered multiple security vulnerabilities in Cellebrite’s software, and was able to find a way to booby-trap iPhones to corrupt the results of a scan using Physical Analyzer …

US military movements in Syria were revealed by location info available for purchase from smartphone apps, says a new report today. This included enough information to identify the location of an undeclared US military base in the country.

The sensitive location information was harvested from weather, games, and dating apps on the phones of US soldiers, and appears to include special ops personnel …

An AirDrop flaw means that doing nothing more than opening an iOS or macOS sharing pane within Wi-Fi range of a stranger can enable them to see your phone number and email address. You do not have to initiate an AirDrop transfer to be at risk.

The security researchers who discovered the vulnerability say that they disclosed it to Apple way back in May 2019, but the company still hasn’t provided a fix to the 1.5 billion affected devices …

Secure messaging company Signal has successfully used an iPhone SE to hack Cellebrite‘s phone-cracking software. The company says that anyone could place a file on their iPhone that effectively renders useless any data extraction performed on the phone, and that it will be doing this for Signal users.

Signal says that the file could also compromise all past and future reports generated from the Cellebrite Windows app …

An Apple Support document has revealed that Apple made a very rare change to the production of its A12 and S5 processors last fall. According to the company, Apple upgraded the Secure Enclave in those processors to a second-generation version of the Storage component during the fall of 2020.

Apple has published its latest Transparency Report covering government and private party requests for data from January 1 to June 30, 2020. This report reveals how many requests were made for user data around the world, and how many with which Apple could comply.

Internal documents released as part of the Epic Games lawsuit reveal an Apple anti-fraud engineer suggesting that App Store checks were grossly inadequate.

Epic cited two particularly damning quotes from Eric Friedman, head of the company’s Fraud Engineering Algorithms and Risk unit, in internal documents …

The Pwn2Own 2021 event is promoted by the Zero Day Initiative as a way to encourage developers and researchers to report zero-day vulnerabilities to the affected companies instead of selling these breaches to malicious hackers. This year, systems researcher Jack Dates was paid $100,000 after finding a new exploit in Apple’s Safari web browser.

Facebook will tell you if a page is satire, as well as if it isn’t, in a new initiative. When a satirical page uses the name of a politician, for example, it will be labeled “Satire Page” to ensure that people don’t mistake it for the real person.

Conversely, posts by politicians will be labeled as “Public Official” …

It was revealed over the weekend that a huge data breach saw personal data leaked from Facebook, including phone numbers, full names, and dates of birth. There’s now a way for you to check if any of your personal data was compromised …