Apple | SC Media

Apple

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Watering-hole attack campaign designed to infect iOS users via exploit chains

Researchers at Google’s Project Zero yesterday lifted the curtain on a long-running mobile malware operation that for years attempted to infect iOS device users with a malware implant, using exploits delivered via a small number of compromised websites. In an online blog post report, Google researcher Ian Beer did not reveal the specific websites that…

iOS 12.4 update reintroduced old bug, enabling jailbreak for current devices

Apple’s latest iOS update reportedly undid a patch that was introduced in the previous release, a mistake that allowed a security researcher to publish a jailbreak for the most up-to-date version of the operating system. The unpatched vulnerability is CVE-2019-8605, an arbitrary code execution bug caused by a use-after-free condition. Working in tandem with Google…

Apple to expand bug bounty program, offer researchers access to iOS, iPhones

Apple is drastically overhauling its bug bounty program, eliminating its invitation-only status, increasing its rewards, expanding it to include MacOS and other operating systems, and even agreeing to supply qualified researchers with special iPhones that are easier to probe for vulnerabilities. Apple’s head of security engineering Ivan Krstic announced these changes last week at the…

Over and out: Apple temporarily disables Walkie Talkie app after bug discovery

And that’s a big “10-7” (radio lingo for “out of service”) for the Apple Watch Walkie Talkie app after the company reportedly disabled the feature following the discovery of a security vulnerability that could allow eavesdropping on iPhones. According to TechCrunch, Apple learned of the problem through a disclosure on its “report a vulnerability” portal.…

New OSX/Linker malware created to exploit bypass bug in macOS X Gatekeeper

Mac researchers have discovered a new malware program designed to specifically exploit a recently disclosed zero-day bypass vulnerability in macOS X Gatekeeper, which has still yet to be patched. Dubbed OSX/Linker, the malware appears to be crafted by the same developers behind OSX/Surfbuyer, an adware program that also targets Mac users, according to Joshua Long,…

Facebook phishing campaign hitting iOS users

A new phishing campaign is targeting mainly iOS users, asking them to log in with their Facebook account and give away their credentials. The report by Myki said the attackers create fake copies of legitimate sites to attract victims. The victim is then asked to log in using his or her social media credentials, like Facebook.…

Report: Apple demands companies obtain consent before recording users’ app sessions

Apple has reportedly issued an ultimatum to companies that rely on “session replay” tools to track the way users interact with their iPhone apps: disclose the practice and seek explicit consent for it, or be removed from the app store. Apple’s mandate comes after a TechCrunch report last Wednesday revealed that Air Canada, Hollister, Expedia,…
