Security

Between 2019 and December 2022, an extremely advanced iMessage vulnerability was in the wild that was eventually named “Operation Triangulation” by security researchers at Kasperksy who discovered it. Now, they’ve shared everything they know about the “most sophisticated attack chain” they’ve “ever seen.”

Apple has released iOS 17.2.1 and macOS Sonoma 14.2.1. Notably, the latter includes a patch for a vulnerability with screen sharing that can show others content from random “spaces” on your Mac when it looks like your desktop is empty. Here are the details.

An Xfinity data breach has been revealed by the company, in which hackers were able to obtain a wide range of customer information.

Data obtained for at least some Xfinity customers “may” include usernames, hashed passwords, real names, contact information, date of birth, last four digits of social security numbers, and security questions and answers …

December could very well be security month at Apple with the launch of Stolen Device Protection, the shuttering of Beeper Mini, and now, the stealthy fix to a Bluetooth exploit that has been wreaking havoc for iPhone and iPad users since its discovery in September.

The on-off Apple vs Corellium legal battle has been going on now for four years, but the final case has now been settled out of court, according to a report today.

The dispute had an amusing moment when Apple failed in its claim that Corellium had breached copyright by replicating iOS – and responded by claiming copyright infringement of Apple wallpapers …

One of the key features added in the iOS 17.3 beta is Stolen Device Protection. This is a thoughtful and creative solution to balancing out the need for protecting iPhone users without stopping them do the things they want to do with their devices.

What I love about Apple’s solution here is that someone has clearly put a lot of thought into that balancing act …

On the heels of iOS 17.2 being released to the public yesterday, Apple has seeded developers with the first iOS 17.3 beta. Notably, a brand new security feature is available to test with the update called Stolen Device Protection for iPhone.

Alongside iOS 17.2 arriving today, Apple has released macOS 14.2. As it happens, the new Mac release comes with double the amount of security fixes of iOS. Here are the 20 flaws fixed with the latest update.

Apple released iOS 17.2 for all users today with the new Journal app, spatial video capture, iMessage Contact Key Verification, and more. Along with those new features, the update comes with 10 important security fixes across Find My, kernel, Safari, WebKit, and Siri.

Following up on last year’s report “The Rising Threat to Consumer Data in the Cloud”, Apple has shared a new study from MIT’s Dr. Madnick that looks at how cyber threats are growing worldwide. Read on for a look at the state of online security and what we can do to limit our exposure and risk like using Apple’s Advanced Data Protection.

Apple released an important security update today for iPhone, iPad, and Mac. The list of fixes is short, but iOS 17.1.2 and macOS Sonoma 14.1.2 patch two web-based security flaws that have been actively exploited.

If you use Chrome on Mac, it’s strongly recommended to update it immediately, as a security flaw discovered by Google is being actively exploited by attackers. It could potentially allow personal data to be extracted from your Mac (the same issue also affects Chrome on Windows and Linux).

Google says it is aware of at least one real-life case of the exploit being used by a bad actor …

Update: Whether AirDrop is vulnerable to this exploit is unclear, but the odds are against it. See the update at the end.

Two newly-discovered Bluetooth security flaws allow attackers to hijack the connections of all devices using Bluetooth 4.2 to 5.4 inclusive – that is, all devices between late 2014 and now.

Six separate exploits have been demonstrated, allowing both device impersonations and man-in-the-middle attacks …

While Windows laptop users like to think they have their own version of Touch ID, it appears not to offer the same level of security. The Windows Hello fingerprint authentication system on the top three laptops to use it has been put to the test by security researchers – and all three failed.

To be fair, the team was carrying out the penetration tests at the request of Microsoft – but it was a Microsoft Surface product that turned out to be easiest to bypass …

A powerful new malware launched in early 2023 called Atomic macOS Stealer (AMOS) targets Apple users and has become a growing threat. Now, with the latest iteration of the malware, malicious parties are planting AMOS inside fake Safari and Chrome browser updates for Mac. We’ll cover how it works and how to avoid this threat.

In September, 9to5Mac reported that Flipper Zero, a popular and cheap hacking tool, was being used to wreak havoc on nearby iPhones and iPads, spamming them with fake Bluetooth pop-ups until they eventually crashed.

Despite many iOS 17 updates since, including last week’s release of new iOS 17.2 betas, Apple has yet to implement safeguards to prevent the attack. So, what gives?

A new report from The Independent this weekend offers an interesting look at why and how Apple is “working hard to break into its own iPhones.” Ivan Krstić, Apple’s head of security engineering and architecture, spoke to The Independent for the report and explained why Apple feels the need to invest so heavily in security.

Notably, Krstić also addressed the possibility of Apple opening up the iPhone to third-party app stores and sideloading due to impending regulation in the European Union.

Security researchers have pulled the curtain back on what appears to be a variant of the infamous RustBucket malware that targets macOS systems. What was first detected earlier in April, a new report from Jamf Threat Labs highlights how this attack continues to evolve and who its potential targets may be.