An iOS 12 exploit has reportedly reemerged, being used by a group of hackers in China known as the “Evil Eye.” The latest Insomnia exploit gives attackers root access to iPhones running iOS 12.3 to 12.3.2.
Police, consumer organizations and Internet security companies are warning about an increasing number of coronavirus scams, as the FBI says cybercrime reports are up 400% …
Given the demographic of Apple customers, it’s no surprise to learn that they are the most common phishing target.
A new security report found that a full 10% of all phishing attempts were trying to get hold of Apple ID credentials, ahead of Netflix at 9% and a surprising third choice …
Zoom has created a security advisory council to help conduct a detailed review of its apps, with Alex Stamos as one of its members. Stamos was Facebook’s chief security officer from 2015 to 2018, and now researches and teaches on ‘the misuse of technology’ at Stanford …
The Taiwanese government has made the decision to ban the use of Zoom over security concerns. The German government hasn’t gone quite that far, but the country’s foreign ministry has barred it from government computers and heavily restricted any use of the service …
Over the last few years, Facebook has had a slew of privacy and security blunders, and more details about one of them have come to light through a new court filing as the social media company is suing the spyware company NSO Group. It turns out Facebook tried to buy controversial government spyware to monitor iPhone and iPad users.
A white-hat hacker was able to hijack iPhone cameras using a chain of three vulnerabilities he discovered. The same approach would also work with the cameras on Macs.
Ryan Pickren disclosed the vulnerabilities to Apple in December of last year. The company fixed the most serious of them in January, and the rest last month.
The approach relied on an exception to the normal privacy requirement for apps to seek permission for camera or microphone access…
Recent Apple MacBooks have included an aggressive security feature that disconnects hardware microphones when the lid is physically closed. The feature is designed to prevent eavesdropping on compromised hardware.
Starting with the recently introduced 2020 iPad Pro, Apple is bringing the same privacy feature to iPads.
After writing an apology note earlier today, fixing two serious Mac flaws, and detailing a plan to improve its security, privacy, and transparency moving forward, Zoom has also fixed its “malware-like” installer with the latest macOS update.
Zoom penetration tests have been commissioned by the popular videoconferencing service after a series of security and privacy issues were found in the company’s mobile and desktop apps.
Zoom’s problems have been a messy mixture of poor communication, sketchy marketing, rule-breaking, and actual security holes …
Zoom, the popular video call service, has had a number of privacy and security issues over the years, and we’ve seen several very recently as Zoom has seen usage skyrocket during the coronavirus pandemic. Now two new bugs have been discovered that allow hackers to take control of Macs, including the webcam, microphone, and even full root access.
As reported by The Intercept, the Zoom video conferencing app offers options for end-to-end encryption in its UI (and in its marketing materials), but the calls are not actually end-to-end encrypted at all.
The Zoom video app is bursting into the public consciousness this year as the coronavirus causes most people to work from home. However, the security of the app has come under fire in many ways. In this instance, it turns out Zoom calls are only encrypted in transmission. This means the central Zoom servers could decrypt the incoming calls and see all participants if the company wanted to.
A bug in Apple’s recent iOS releases, including this week’s iOS 13.4, is keeping VPNs from being able to fully encrypt user traffic and data. Apple is aware of the issue and is currently working on a fix. In the meantime, there’s an easy workaround you can use to keep your VPN connection working as intended.
Analytics platform Sensor Tower has been secretly collecting data from users through VPN and ad-blocking apps on iOS and Android, a new report from BuzzFeed News says. The apps would prompt users to install root certificates through Safari, bypassing Apple’s restrictions.
Security researcher and former NSA hacker Patrick Wardle has demonstrated a way to modify state-created Mac malware to run his own code instead of the payloads from the government servers.
The sophistication of the malware makes re-purposing it attractive to other attackers, including other governments …
Just about a year ago, it came to light just how easy it was to buy the real-time location data of US wireless customers via lax carrier standards, shady third parties, and bounty hunters. Now, after an “extensive investigation,” the FCC has declared that “one or more wireless carriers apparently violated federal law.”
There’s an emerging health crisis at the moment, besides coronavirus: the head injuries caused by techies banging their heads on their desks at each piece of evidence that governments don’t understand how end-to-end encryption works.
The latest example of this, reported in the Guardian, was the head of Britain’s domestic counterintelligence and security agency, MI5, calling on tech companies like Apple and Facebook to continue to offer end-to-end encryption, but to provide MI5 access “on an exceptional basis”…
A flaw in Wi-Fi chips made by Cypress Semiconductor and Broadcom left “billions of devices” open to an eavesdropping vulnerability, ArsTechnica reports today. The flaw was announced by researchers at the RSA security conference today, and has already been patched by most manufacturers.
Apple has announced that it will boost Safari security for secure websites from September 1st. From that date, the browser will only accept HTTPS certificates issued within the past 13 months.
While this is a technical-sounding change, it should provide greater protection against two separate risks …
A new demo from researchers at Mysk shines a light on the free, unrestricted, access all apps have to the iOS clipboard.
In the video, the developers create a dummy app that simply prints out the information gleaned from the clipboard. When the user copies an image, the app can immediately see the image content and the metadata like the location of where the photo was taken. This becomes a little more sinister when the demo shows that installed widgets can also silently collect all data copied to the clipboard, without user knowledge.
Cybersecurity company Wandera found that some 23 iOS file-conversion apps used by three million people fail to use encryption, potentially putting the documents at risk.
All the apps in question were created by a single developer, Cometdocs, but Wandera says that the discovery raises a broader security issue…
Apple’s Secure Enclave set a precedent in smartphone security that has so far been followed by many Android brands.
A new research study found that Huawei, Samsung, Xiaomi, OnePlus, Vivo, LG, Oppo, and Sony all now have models with equivalent embedded hardware security features…