Security

London police chief uses 9/11 to attack end-to-end encrypted messaging

London police chief Cressida Dick has used the 20th anniversary of 9/11 to attack companies like Apple, WhatsApp, Telegram, and Signal for offering end-to-end encrypted message services.

It follows the British Home Secretary – in charge of policing for the UK – asking tech companies to find some way to break end-to-end encryption

UK government backs Apple, and wants to scan encrypted messages for CSAM

The British government has expressed support for Apple’s now-delayed CSAM scanning plans, and says that it wants the ability to scan encrypted messages for CSAM, even where end-to-end encryption is used.

The country is offering to pay anyone who can find a way “to keep children safe in environments such as online messaging platforms with end-to-end encryption” …

Tim Cook White House visit confirmed; Apple announcement might follow [U]

Update: Apple did make a security announcement, but only a supply-chain related one.

We learned earlier this week about a potential Tim Cook White House visit to attend a cybersecurity summit hosted by President Biden. Cook’s participation has now been confirmed by a list of attendees shared by an administration official, and could provide an excellent opportunity for Apple’s CEO to drive home the company’s stance on privacy and strong encryption.

A new report today also raises the possibility of a security-related announcement by Apple after the meeting has finished …

New Pegasus zero-click iPhone attack defeats Apple’s Blastdoor protections

A newly discovered NSO Pegasus zero-click iPhone attack against a human rights activist managed to succeed despite Apple’s Blastdoor protections, according to security researchers at Citizen Lab.

It is unclear, however, whether the protections Apple added to iOS 14.7.1 would have succeeded in blocking the attack, as it took place at a time when iOS 14.6 was the latest version available …

T-Mobile discloses 5.3M more accounts compromised, sensitive data including DOB and address leaked

In a massive data breach we first learned about earlier this week, T-Mobile is continuing to discover the extent of the damage, which is rising beyond 50 million accounts. In an update today, the uncarrier says it has found that an additional 5.3 million current postpaid customer accounts had their name, address, date of birth, or other personal information compromised.

Apple CSAM system tricked, but easy to guard against [U]

Update: Apple mentions a second check on the server, and a specialist computer vision company has outlined one possibility of what this might be – described below under ‘How the second check might work.’

An early version of the Apple CSAM system has effectively been tricked into flagging an innocent image, after a developer reverse-engineered part of it. Apple, however, says that it has additional protections to guard against this happening in real-life use.

The latest development occurred after the NeuralHash algorithm was posted to the open-source developer site GitHub, enabling anyone to experiment with it…


T-Mobile hack confirmed, carrier says 47.8M records taken; not just customers

The T-Mobile hack reported earlier this week has now been confirmed by the company. Some of the details differ from claims made by the hacker, but the carrier has admitted that 47.8 million records were taken – and not just from customers. You could be at risk if you have ever even applied for a T-Mobile account, whether or not it was ever opened…

Corellium will pay for security researchers to check Apple CSAM claims

Security company Corellium is offering to pay security researchers to check Apple CSAM claims, after concerns were raised about both privacy and the potential of the system for misuse by repressive governments.

The company says that there are any number of areas in which weaknesses could exist, and they would like independent researchers to look for these…


US Senate bill would legally require Apple to build a backdoor into iPhones

Update: This bill did not get as far as a vote.

This bill was introduced on June 23, 2020, in a previous session of Congress, but it did not receive a vote.

Although this bill was not enacted, its provisions could have become law by being included in another bill. It is common for legislative text to be introduced concurrently in multiple bills (called companion bills), re-introduced in subsequent sessions of Congress in new bills, or added to larger bills (sometimes called omnibus bills).

A bill proposed in the US Senate would effectively make it a legal requirement for Apple to build a backdoor into iPhones. It would make it illegal for Apple and other tech giants to use strong encryption for either devices or cloud services …

NSO blocks more clients from using its Pegasus spyware after government pressure

NSO has blocked more clients from using its Pegasus spyware, according to a source within the company, while it investigates reports of misuse.

The Israeli company was reported to have previously blocked five governments from using the malware after conducting a “human rights audit,” and has now suspended access to others …

iOS security researcher Will Strafach agrees Apple can do more in combating NSO

iOS security researcher Will Strafach agrees with a recent claim that Apple can do more when it comes to combating NSO and others who exploit zero-day vulnerabilities in iOS.

It follows a report by Amnesty International that said that NSO spyware Pegasus was being used to mount zero-click attacks against human rights activists, lawyers, and journalists …

XLoader malware infects Macs now; collects keystrokes, screenshots, and more

XLoader malware has now migrated from Windows machines to attack Macs too. An evolution of the malware known as Formbook, it lets an attacker log keystrokes, take screenshots, and access other private information.

Worryingly, the malware is sold on the dark web for $49, enabling anyone to deploy it against both Windows and Mac users …

Apple can and must do more to prevent NSO attacks, says Johns Hopkins security professor

An associate professor at the Johns Hopkins Information Security Institute has said that Apple can and must do more to prevent NSO attacks.

He argues that while it’s true that it is impossible to completely prevent exploits based on zero-day vulnerabilities, there are two steps that the iPhone maker can take to make NSO’s job much harder …
