Security Stories Yesterday

Secure messaging company Signal has successfully used an iPhone SE to hack Cellebrite‘s phone-cracking software. The company says that anyone could place a file on their iPhone that effectively renders useless any data extraction performed on the phone, and that it will be doing this for Signal users.

Signal says that the file could also compromise all past and future reports generated from the Cellebrite Windows app …

expand full story

Security Stories April 12

An Apple Support document has revealed that Apple made a very rare change to the production of its A12 and S5 processors last fall. According to the company, Apple upgraded the Secure Enclave in those processors to a second-generation version of the Storage component during the fall of 2020.

expand full story

Security Stories April 9

Apple has published its latest Transparency Report covering government and private party requests for data from January 1 to June 30, 2020. This report reveals how many requests were made for user data around the world, and how many with which Apple could comply.

expand full story

Another 500M accounts scraped: This time LinkedIn and other services

Not long after we learned that more than 500M accounts were scraped, exposing personal data from Facebook users, a report today says the same is true of LinkedIn and unnamed additional services.

Some 2 million records have been put online as proof of the attack …

Internal documents released as part of the Epic Games lawsuit reveal an Apple anti-fraud engineer suggesting that App Store checks were grossly inadequate.

Epic cited two particularly damning quotes from Eric Friedman, head of the company’s Fraud Engineering Algorithms and Risk unit, in internal documents …

expand full story

Security Stories April 8

The Pwn2Own 2021 event is promoted by the Zero Day Initiative as a way to encourage developers and researchers to report zero-day vulnerabilities to the affected companies instead of selling these breaches to malicious hackers. This year, systems researcher Jack Dates was paid $100,000 after finding a new exploit in Apple’s Safari web browser.

expand full story

Powered by WordPress VIP