Apple News, Articles and Updates

New Apple ID phishing operation protects web assets with AES encryption

A recently discovered email phishing campaign was found targeting Apple ID credentials, while using AES encryption to thwart active countermeasures against their malicious website.

Confusion over chipmakers' debug exception instructions prompts patching by OS developers

Multiple major operating systems and hypervisors contain a serious CPU chipset bug that could allow authenticated attackers to read sensitive data in memory and control certain low-level functions, prompting their developers to issue security updates patching this flaw.

Apple updates fix code execution, privilege escalation and spoofing issues

Apple on Tuesday released security updates for the Safari browser and its MacOS and iOS operating systems, fixing a total of four vulnerabilities.

Newest Apple releases squash bugs in iOS, macOS, Safari, various apps

Apple addressed a bevy of security bugs late last week, after issuing updated versions of its current operating systems, Safari browser and other core products, as well as security enhancements for two older OS offerings.

Pwn2Own competition flushes out five Apple bugs, four Microsoft flaws

Independent researchers collected $267,000 in bug purchases this week at the annual Pwn2Own contest at CanSecWest in Vancouver, after demonstrating vulnerability exploits in Apple (5 bugs), Microsoft (4), Oracle (2), and Mozilla software (1).

Edward Snowden returns to U.S.! Oops, nope, it's a phishing scam

No, NSA whistleblower and U.S. fugitive Edward Snowden did not just purchase a 2 terabyte storage plan for iCloud, nor has he moved back to the States.

Apple iOS 9 source code posted to Github

Apple found itself in damage control mode today after the source code, called iBoot, for the iPhone's operating system was somehow posted to Github potentially giving anyone the ability to spot vulnerabilities.

MacUpdate hacked, cryptocurrency miner apps installed

A cybercriminal managed to infiltrate the Mac app download site MacUpdate and install maliciously- copies of the Firefox, OnyX, and Deeper applications that actually were cryptocurrency miners.

Malicious 'ChaiOS' link can crash Apple devices

A quirky bug in Apple's Messages application is allowing a malicious GitHub link to cause crashes and other bothersome behavior on both macOS and iOS machines.

OS X MaMi DNS hijacker spotted, analyzed

An independent security researcher has done a quick analysis of a new Mac OS X DNS hijacker that is closely related to a previously uncovered Windows-only version that is capable of allowing man-in-the-middle attacks.

macOS Zero Day details exposed by researcher

An independent security researcher that goes by the handle Siguza revealed a local privilege escalation Zero Day in macOS that can be exploited by any unprivileged user.

Apple addresses KRACK exploits in AirPort Base Station firmware

Apple has continued to roll out patches to fix the KRACK (Key Reinstallation AttaCKs) series of vulnerabilities, this time in its AirPort Base Station firmware.

Researchers create mask that defeats iPhone Face ID feature

Barely one week after the highly anticipated launch of Apple's new iPhone X, security researchers are claiming they were able to defeat its Face ID facial recognition security feature using a carefully crafted mask worth approximately $150.

Apple issues new security update for macOS High Sierra

Apple issued a supplemental security update for macOS High Sierra 10.13 to patch two issues one of which fixes a keychain

Apple's iOS 11 release prevents backdoor exploit on Wi-Fi chips

Apple's release of iOS 11 patched an out-of-bounds write vulnerability in Wi-Fi chips that, if exploited, could have allowed attackers within range to execute arbitrary code on the firmware.

Apple exterminates bugs in iCloud for Windows, macOS High Sierra, macOS Server

Apple on Monday issued security updates for its iCloud for Windows, macOS High Sierra operating system, and macOS Server products, fixing 67 vulnerabilities.

Remotely locked Apple devices being held for ransom

Some Apple product owners have found themselves on the receiving end of a new ransom attack that has someone locking their device most likely using stolen iCloud credentials and the initiating the Find My iPhone remote lock feature.

Report: WhatsApp began encrypting back-ups to iCloud Drive in late 2016

WhatsApp added another layer of protection for users in late 2016, quietly introducing a new feature that encrypts messages and contacts when uploading this data to Apple's iCloud servers, according to a Forbes report.

Attackers sabotage HandBrake's download for Macs to deliver Proton RAT

The developers of HandBrake have advised Mac-based users that they may be infected with a backdoor after an unknown attacker replaced a HandBrake software installation package with a variant of the Proton RAT malware.

Pickpockets and hackers, the latest cybercrime marriage

A Trend Micro researcher may have stumbled across a new alliance in place between petty criminals and their more sophisticated cyber cousins that could prove mutually beneficial.

New 'Dok' dropper variant found, even after Apple revokes cert for Mac malware

A researcher has discovered a new variant of the "Dokument.app" dropper that was recently found delivering OSX/Dok Mac malware, but Apple reportedly neutralized the threat by revoking the malware's the ill-gotten certificate.

Pandora Apple app vulnerable to MITM attacks

A vulnerability note was issued by CERT/CC for the Pandora music streaming service Apple iOS app for failing to properly validate SSL certificates provided by HTTPS connection.

Apple patches bugs, reportedly reconfigures iOS to stifle pop-up scam

Apple on Monday released security updates for multiple products, and in the process also reconfigured iOS to address a pop-up issue that scammers were abusing to lock users out of their Safari mobile browsers in an attempt to extort money.

Proton RAT malware not a positive development for Mac users

Questions continue to swirl surround a mysterious Mac-based remote-access trojan (RAT) malware program called Proton, which Apple addressed in a recent update to its anti-malware program XProtect.