Security

Hey, Arin here. Last week was the busiest for security so far this year. We saw an unprecedented offensive on the LockBit ransomware gang; Apple moved to make iMessage future-proof with quantum computer protection, and the topic of this week, Jamf’s new report highlighting some alarming statistics around Apple-using businesses. So, grab your drink of choice. Let’s get into it…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

It’s never been more important to protect yourself and your family online. Fortunately, Surfshark makes that effortless with an all-in-one app that delivers a secure and fast VPN as well as protection for your devices and identity. Read along for how to change your location on iPhone and get Surfshark VPN free for two months.

AT&T says that the widespread outage which started in the early hours of yesterday morning and later resolved was caused by a software update.

There had earlier been speculation that it might have been the result of a cyber attack, but while there are said to be “no indications of malicious activity” so far, both the Department of Homeland Security and the FBI are investigating …

Security is a never-ending mission and today Apple has announced its latest innovation for protecting iMessage. Already live in the iOS 17.4 beta is an innovative post-quantum cryptographic protocol called PQ3. The novel upgrade gives iMessage “the strongest security properties of any at-scale messaging protocol in the world.” Here’s why iMessage quantum security is important now and into the future, how PQ3 works, and more.

A Wyze camera breach allowed some 13,000 customers view footage from other people’s homes. The company had originally said that the serious privacy and security breach had only happened for 14 people.

Wyze says that most of these customers only saw a thumbnail, but that more than 1,500 users saw either a full-size still or a video recording of an event …

It was a landmark year for ransomware in 2023 and a well-publicized one following the MOVEit and MGM Resorts beaches that shook the security industry. Not only did threat actors collectively pocket a record-breaking $1.1 billion from victims, but a new report highlights how the scope and complexity of these attacks are becoming increasingly concerning.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Proton launched its secure password manager last year to the public and now it’s available for enterprise. The company calls Proton Pass For Business “a Swiss vault for your team’s passwords.” It’s open source just like the consumer version of Proton Pass and offers end-to-end encryption, easy import from any other software, anti-phishing protection, admin tools, and more.

A security researcher with a track record of helping Apple identify vulnerabilities in its software seemingly found one particular security hole too tempting.

Instead of reporting it to the Cupertino company, he allegedly exploited it to scam the company out of gift cards and products worth some $2.5 million …

Malwarebytes has released its latest report digging into the state of malware to start 2024. The findings include which countries see the most ransomware attacks, the evolution of malware over the last year, how Mac threats are growing, which Mac threats to watch out for, and more.

Last week on Security Bite, I discussed a vulnerability in Stolen Device Protection, a newly added security feature in iOS 17.3. Vision Pro has since hit the market and has been dominating the headlines. This Sunday, I wanted to give your feed fresh air and discuss some of my favorite security and privacy features as of iOS 17.3. Admittedly, this will also give me more time to poke around at Vision Pro’s privacy and security protections in the real world.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Apple started shipping special research iPhone hardware to security experts in 2020. Naturally, security researchers have been mostly coy about sharing the specifics of what Apple calls “rooted” hardware. Still, there are some program participants who grant a peek behind the curtains from time to time.

We’re just two days away from Vision Pro arriving to the first customers and ahead of the launch, Apple has issued a security patch. To protect against a WebKit flaw that’s been actively exploited, you’ll want to make sure to update to visionOS 1.0.2.

Proposed amendments to the UK’s Investigatory Powers Act (IPA) which could ban Apple security updates worldwide are an “unprecedented overreach,” says the Cupertino company.

Apple previously described the planned powers as “a serious and direct threat to data security and information privacy” – not just to British citizens, but to all tech users worldwide …

Last week, Apple released iOS 17.3 with a new security feature called Stolen Device Protection, which aims to help protect your data in case a thief has stolen your iPhone and obtained the password. However, there’s one flaw that you should be aware of…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

A letter to the US Director of National Intelligence reveals that the NSA buys personal data which was illegally-obtained from smartphone users through the apps they use.

The open letter was sent by US senator and member of the Select Committee on Intelligence, Ron Wyden. He asks US security services to cease this practice, and to purge existing data which was obtained illegally …

Both in-app ads and push notifications are being used to identify and spy on iPhone users, according to two separate reports.

The first says that in-app ads are being used to gather data intended to identify your iPhone and send highly sensitive data to security services, while the second found that apps like Facebook and TikTok are using a vulnerability in the way push notifications are handled by iOS to obtain the data for their own use …

A reported Trello data breach has seen the personal details of more than 15 million users put up for sale on the dark web.

A separate Loan Depot ransomware attack resulted in more than 16 million customer accounts compromised, taking a number of the company’s web services offline …

Apple on Monday released iOS 17.3 and macOS Sonoma to the public. The updates bring some new features, such as collaborative playlists in Apple Music and a new Stolen Device Protection mode for iPhone users. However, both updates also come with more than 10 security fixes. Read on as we detail what exactly has been fixed with today’s updates.

An important new security feature for iPhone has arrived with iOS 17.3 that gives you protection in the event your device is stolen. Follow along for how to turn on iPhone Stolen Device Protection and also some advice on whether or not you should use the feature.

Security researchers have detected a new strain of malware hidden in some commonly pirated macOS applications. Once installed, the apps unknowingly execute trojan-like malware in the background of a user’s Mac. What happens from here is nothing good…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

A report of an Apple GPU security flaw has been confirmed by the company, acknowledging that the iPhone 12 and M2 MacBook Air are affected.

An exploit has been demonstrated by security researchers, which would allow an attacker to view data processed by the chip, including the results of things like ChatGPT queries …