Security Stories October 26

One of the privacy features of iOS is that apps are required to ask permission if they want to access things like your photos, camera and location. But a Google engineer has created a demo app to show how a rogue app could abuse permissions to surreptitiously photograph you as you use the app – or even livestream video from your front or rear cameras.

The issue, says Felix Krause, is that users are asked to grant blanket permission. There may be a legitimate-seeming reason for an app to request access to your camera, to take a photo within the app, but it is then able to shoot photos and video anytime it is in the foreground without alerting you in any way …

Security Stories October 25

Security researchers at Kaspersky Lab say that a number of popular dating apps are vulnerable to up to three types of attack, potentially revealing anything from user location to full identity and employer …

Security Stories October 16

Update: Apple says the security vulnerability has been fixed in the beta versions of the next software updates to iOS, macOS, watchOS, and tvOS. These releases are expected this month (based on Apple Watch being scheduled to gain Apple Music streaming in watchOS 4.1 in October).

WPA2 – the encryption standard that secures all modern wifi networks – has been cracked. An attacker could now read all information passing over any wifi network secured by WPA2, which is most routers, both public and private.

Android and Linux are particularly vulnerable, being described as ‘trivial’ to attack, but all other platforms are vulnerable too, including iOS and macOS …

Security Stories October 5

Uber’s head of security communications has today announced that the company is removing access from its iOS app that may have allowed the company to record a user’s display without the user’s knowledge. Security researchers had noticed that Uber was given access to these private APIs by Apple, an unprecedented move from the security-focused company.

Security Stories September 29

Analysis of more than 73,000 Macs showed that some 4.2% of them were running the wrong firmware, leaving them vulnerable to attacks like Thunderstrike. For one model, the percentage was a staggering 43%.

Firmware exploits are among the most dangerous, because they potentially give an attacker complete control of a machine, are not detected by macOS security scans and remain in place even if you format or replace a drive and do a fresh install of macOS …

Security Stories September 26

A macOS vulnerability discovered by security researcher Patrick Wardle allows any app – signed or unsigned – to extract plain text passwords from Keychain. Wardle demonstrated the exploit with a proof of concept app, seen in the video below.

The vulnerability is a huge one, because Keychain data is secured by 256-bit AES encryption, which should make it virtually uncrackable – and because the bug affects all versions of macOS, including High Sierra …
