This week we learned that the iPhone 11 Pro still tracks location data even when users have turned the features off. Apple gave a limited response saying that “We do not see any actual security implications,” and that it was working as intended. However, now Apple has followed up with more details about why the iPhone 11 Pro is doing this and that it will include a toggle in an iOS update to stop location tracking totally.
Security Stories Today
Security Stories November 13
Intel chip security flaws that affect all Macs, as well as Windows and Linux machines, still exist, say security researchers – despite the chipmaker’s claims to have fixed them. Similar flaws were found and patched in ARM processors, but there is no suggestion at this stage that further issues remain in these.
The ‘fundamental design flaw’ in Intel’s CPUs came to light last year, with the security vulnerabilities dubbed Spectre and Meltdown. They would allow an attacker to view data in kernel memory, which could span anything from cached documents to passwords …
Ecobee HomeKit Thermostat
Security Stories November 12
iOS 13.3. beta 2 brings Safari support for NFC, USB, and Lightning FIDO2 security keys
Apple released the second developer beta of iOS 13.3 today and one of the changes includes Safari support for NFC, USB, and Lightning FIDO2-compliant security keys.
Web designer Joshua Maddux has found the iOS Facebook app activating the iPhone camera while scrolling his feed. He found the same issue on five separate devices, with others able to replicate. The same issue does not appear to be present in the Android app.
Maddux posted a video (below) showing the behavior…
Security Stories November 8
A recently discovered vulnerability in the macOS Mail app caused by Siri that currently affects Catalina and the previous three releases means that users’ encrypted emails actually aren’t. While Apple is working on a fix for the bug, read on for more details about the issue and a couple of workarounds to solve the problem now.
Security Stories November 4
A new laser-based hack discovered for devices with MEMS (micro-electro-mechanical systems) microphones makes iPhone, HomePod, Google Home, Amazon Echo, and more vulnerable to line of sight attacks from up to several hundred feet away.