Security

A group of researchers has uncovered what looks to be the first browser-based side-channel attack that’s built entirely from CSS and HTML. The JavaScript-free attack has been found to work across most modern CPUs including Intel, AMD, Samsung, and Apple Silicon. Interestingly, the findings say Apple’s M1 and Samsung’s Exynos chips can sometimes be more susceptible to these novel attacks.

Despite Apple’s efforts to keep iOS secure, it’s difficult to have control over how third-party apps store user data. A new research from mobile security firm Zimperium has found that thousands of iOS and Android apps are exposing users’ personal information due to misconfigured cloud services.

The Aegis Secure Key 3ncx is designed to provide a solution to a problem that remains common even in today’s cloud-based world: balancing convenience with security when it comes to USB keys.

If we all lived in the always-connected, high-speed, cloud-based world, the ads would have us believe, USB keys would be as obsolete as floppy disks. The reality, however, is that they still have a role to play today …

A new report today in the MIT Technology Review dives into Apple’s continued work on device and software security and the potential unintended consequences. While almost all experts agree that the walled garden approach to iPhone has solved major security issues, some are sharing the concern that it’s also giving the world’s top hackers a better place to hide.

A new Unc0ver jailbreak tool works on almost every iPhone, including the iPhone 12. It is based on the same vulnerability Apple said may have been been actively exploited by hackers.

The approach works on iPhones running iOS 11 through to iOS 14.3, as Apple patched the flaws in iOS 14.4…

Apple says that it has taken steps to prevent further spread of the Mac malware known as Silver Sparrow. The malware was notable for the fact that it runs natively on the M1 chip.

Apple says that it has revoked the security certificates of the developer accounts used to sign the packages, which will prevent it being installed on any further Macs…

Apple has published its 2021 update to its Platform Security guide today along with refreshing the Apple Platform Security landing page. The latest guide goes in-depth on the new and updated security features that have arrived with iOS 14, macOS 11 Big Sur, Apple Silicon Macs, watchOS 7, and more. Apple has also launched an all-new Security Certifications and Compliance Center website and guide.

The first Apple Silicon Macs have been out for just a few months and a good portion of popular apps have been updated with native support for the M1 MacBook Air, Pro, and Mac mini. Not far behind, what looks like the first malware that’s been optimized for Apple Silicon has been found in the wild.

Apple’s Fraudulent Website Warning is designed to alert you when you’re about to visit a website that is known to host malware, or that is believed to be a phishing site. Previously, that check consulted a database hosted on a Google server, but as of iOS 14.5 it instead uses an Apple proxy to better protect user privacy.

That adds an extra layer of privacy to the protection Apple was already employing …

A security researcher found a clever way to hack Apple, Tesla, and more than 30 other major companies using a novel open-source software approach.

Microsoft, PayPal, Shopify, Netflix, Yelp, and Uber were among the other companies that found their internal systems breached in the proof of concept …

A Sudo bug found in the Linux and BSD operating systems has now been found to also be present in macOS. The news was confirmed by two security researchers.

The bug could allow an ordinary user to gain root access to a Mac, though an attacker would also need to combine with malware or a brute-force attack to gain user access in the first place …

Speaking at the EU data protection conference CPDP today, Tim Cook gave the opening keynote with his talk entitled “A path to empowering user choice and boosting user trust in advertising.” Cook covered Apple’s concerns about privacy and security in the technology industry, the hope it sees for change going forward, what it is doing to protect privacy, its deep concerns and consequences with Facebook’s business model, and much more.

A security researcher at Johns Hopkins University who led an examination into the robustness of smartphone encryption systems says he was shocked by the Android and iOS vulnerabilities they discovered.

He said that iOS in particular has extremely secure encryption capabilities, but these are not in use much of the time …

Earlier this year Apple launched a new program called the Security Research Device Program to help researchers find vulnerabilities in iOS and also in its devices. Researchers can apply to get the special hardware since June, and now the company is finally shipping these “rooted” iPhones to those who have been accepted.

A suspected state-sponsored attack saw dozens of iPhones hacked by exploiting an iMessage vulnerability that remained unpatched for around a year. The attack was a so-called zero-click one because it didn’t require the victims to take any action: the hack was enabled simply by receiving a text message.

The victims of the attack were Al Jazeera journalists, and is believed to have been carried out on behalf of Saudi Arabia and the United Arab Emirates governments, using spyware developed by Israeli company NSO Group. It is suspected that these journalists are a ‘minuscule’ fraction of the iPhones hacked using this method …