Security

Apple has released iOS 15.5, macOS 12.4, and more today with updates like new features for Apple Cash, the Podcasts app, and the Studio Display webcam fix. However, a bigger reason to update your devices is the security patches with today’s releases. iOS 15.5 includes almost 30 security fixes while macOS 12.4 features over 50.

In early 2020, Apple joined the FIDO Alliance, an open industry association created to increase the interoperability of authentication methods and reduce reliance on traditional passwords. Now Apple, Google, and Microsoft have committed to expanding support for the FIDO Standard, moving toward a universal “passwordless” sign-in method.

After digging into Apple Silicon, researchers have discovered a new vulnerability that affects Apple’s latest M1 and A14 chips. The Augury Apple Silicon microarchitectural flaw has been demonstrated to leak data at rest but doesn’t appear to be “that bad” at this point.

The Spanish prime minister’s iPhone was infected by NSO’s Pegasus spyware, says the government. Defense Minister Margarita Robles’ phone was also hit. This is just the latest in a slew of high-profile Pegasus attacks revealed within the last few weeks.

While it is foreign governments who would most want to target phones belonging to most prime ministers, there’s another obvious suspect in the case of Spain …

Cellebrite iPhone cracking kit allows the company’s clients to access virtually all of the private data stored on a phone – in some cases, even if the phone is locked.

But the exact capabilities depend on both the model of the iPhone and the version of iOS it is running. We managed to get access to the user documentation for a recent version of the kit to see what it can do …

We learned last month that Apple was tricked into releasing personal data to hackers, after they posed as law enforcement officials with emergency data requests. A follow-up report reveals that some of this data was used to sexually extort minors.

The latest report also sheds light on how the hackers were able to fool Apple and other tech giants, including Facebook, Google, Snap, Twitter, and Discord …

T-Mobile has suffered another data breach, this time carried out by young hackers that were part of the LAPSUS$ group. While T-Mobile has said that no customer or government information was compromised, it appears LAPSUS$ gained access to T-Mobile’s source code repositories along with its customer account management system.

An iCloud crypto wallet attack saw an estimated $650,000 worth of cryptocurrency and NFTs stolen from a trader within seconds.

While the attack relied on a sophisticated piece of phishing, it also revealed a key iCloud vulnerability with MetaMask …

NSO spyware Pegasus targeted US iPhones indirectly, despite the company forbidding customers from infecting phones with American SIMs. Devices belonging to Catalan politicians and others were also infected, with the Spanish government suspected to be responsible.

Additionally, it was discovered that a device connected to the network at 10 Downing Street – the office of British prime minister Boris Johnson – was also infected …

With the release of macOS Monterey 12.3.1 on March 31, Apple has fixed two zero-day exploits in its operating system. However, the company is yet to patch these exploits in macOS Big Sur and macOS Catalina – as these versions were likely affected by the same vulnerabilities and are still supported by the company.

It’s been revealed that NSO’s Pegasus hacked the iPhone of an award-winning journalist, just weeks after Apple sought an injunction that would bar the company from targeting iPhone users.

NSO’s Pegasus software is so dangerous for two reasons. First, it gives access to almost all the data on the phone, including messages, photos, and location. Second, it works via a zero-click approach …

With the release of iOS 15.4.1 and macOS Monterey 12.3.1 on Thursday, Apple has fixed some bugs in its operating systems. However, in addition to bug fixes, the company also made security enhancements to iOS and macOS, which include patches for multiple zero-day exploits.

A major Wyze Cam security flaw easily allowed hackers to access stored video, and it went unfixed for almost three years after the company was alerted to it, says a new report today.

Additionally, it appears that Wyze Cam v1 – which went on sale back in 2017 – will never be patched, so it will remain vulnerable for as long as it is used …

A report today says that ‘Russian Google’ Yandex is sending data harvested from millions of iOS app users to Russia – whether or not you use the company’s apps. Laws there could compel the company to make the data available to the Russian government.

Your data can be grabbed from a wide range of third-party apps which use a developer tool created by Yandex. Developers save time and money by using the Yandex API AppMetrica to obtain analytics data for their app, while the company gets user data in return …

Messaging interoperability encryption challenges are being discussed by security experts, following the European Union’s decision to make cross-platform messaging capabilities a legal requirement.

There was much debate on whether or not to include messaging interoperability in the Digital Markets Act (DMA), and the challenges of maintaining end-to-end encryption was one of the key issues …

The Okta hack revealed yesterday, and which dated back to January, may have impacted up 366 clients, says the company’s chief security officer, David Bradbury. Okta hasn’t named any of them, so it’s not known at this stage how many end users may be affected.

We noted yesterday that Okta offers single sign-on services to a huge range of blue-chip clients, with its services running on Mac, iOS, Windows, and Android …

Hackers have posted credible screengrabs to back reports of an Okta security breach. Otka provides single sign-on user authentication tools in the enterprise sector, with a huge range of blue-chip clients. Its tools are available for Mac and iOS, as well as Windows and Android.

The hacking group LAPSUS$, known for its ransomware attacks, says that it is targeting Otka users …

A password-less future could be even more convenient, thanks to the latest addition to the FIDO standard – which Apple brands as Passkeys in iCloud Keychain.

The proposal means that you could automatically log in to a secure website, for example, simply by having a second Apple device with you …

Apple’s TestFlight is a tool created to help developers distribute their beta apps to users before they are released on the App Store to everyone. However, scammers have been using the platform to distribute malicious apps without Apple’s knowledge.