Security

Apple has published its latest Transparency Report covering government and private party requests for data from January 1 to June 30, 2020. This report reveals how many requests were made for user data around the world, and how many with which Apple could comply.

Internal documents released as part of the Epic Games lawsuit reveal an Apple anti-fraud engineer suggesting that App Store checks were grossly inadequate.

Epic cited two particularly damning quotes from Eric Friedman, head of the company’s Fraud Engineering Algorithms and Risk unit, in internal documents …

The Pwn2Own 2021 event is promoted by the Zero Day Initiative as a way to encourage developers and researchers to report zero-day vulnerabilities to the affected companies instead of selling these breaches to malicious hackers. This year, systems researcher Jack Dates was paid $100,000 after finding a new exploit in Apple’s Safari web browser.

Facebook will tell you if a page is satire, as well as if it isn’t, in a new initiative. When a satirical page uses the name of a politician, for example, it will be labeled “Satire Page” to ensure that people don’t mistake it for the real person.

Conversely, posts by politicians will be labeled as “Public Official” …

It was revealed over the weekend that a huge data breach saw personal data leaked from Facebook, including phone numbers, full names, and dates of birth. There’s now a way for you to check if any of your personal data was compromised …

Despite all the efforts companies make to improve the security of their devices, there’s always someone working to find new vulnerabilities. This time, a group of advanced hackers managed to infect devices running iOS, Android, and Windows through compromised websites.

A new backdoor threat has been discovered that aims to compromise Apple developers’ Macs with a trojanized Xcode project. This malware can record victims’ microphone, camera, keyboard, and also upload/download files. The first in the wild example of the threat was found within a US organization.

A study looking at new malware found in the wild during 2020 says that threats developed for macOS saw a huge jump – almost 1,100% compared to 2019. But taken into context, that total was less than 1% of the new malware that was discovered for Windows in the same period.

A group of researchers has uncovered what looks to be the first browser-based side-channel attack that’s built entirely from CSS and HTML. The JavaScript-free attack has been found to work across most modern CPUs including Intel, AMD, Samsung, and Apple Silicon. Interestingly, the findings say Apple’s M1 and Samsung’s Exynos chips can sometimes be more susceptible to these novel attacks.

Despite Apple’s efforts to keep iOS secure, it’s difficult to have control over how third-party apps store user data. A new research from mobile security firm Zimperium has found that thousands of iOS and Android apps are exposing users’ personal information due to misconfigured cloud services.

The Aegis Secure Key 3ncx is designed to provide a solution to a problem that remains common even in today’s cloud-based world: balancing convenience with security when it comes to USB keys.

If we all lived in the always-connected, high-speed, cloud-based world, the ads would have us believe, USB keys would be as obsolete as floppy disks. The reality, however, is that they still have a role to play today …

A new report today in the MIT Technology Review dives into Apple’s continued work on device and software security and the potential unintended consequences. While almost all experts agree that the walled garden approach to iPhone has solved major security issues, some are sharing the concern that it’s also giving the world’s top hackers a better place to hide.

A new Unc0ver jailbreak tool works on almost every iPhone, including the iPhone 12. It is based on the same vulnerability Apple said may have been been actively exploited by hackers.

The approach works on iPhones running iOS 11 through to iOS 14.3, as Apple patched the flaws in iOS 14.4…

Apple says that it has taken steps to prevent further spread of the Mac malware known as Silver Sparrow. The malware was notable for the fact that it runs natively on the M1 chip.

Apple says that it has revoked the security certificates of the developer accounts used to sign the packages, which will prevent it being installed on any further Macs…

Apple has published its 2021 update to its Platform Security guide today along with refreshing the Apple Platform Security landing page. The latest guide goes in-depth on the new and updated security features that have arrived with iOS 14, macOS 11 Big Sur, Apple Silicon Macs, watchOS 7, and more. Apple has also launched an all-new Security Certifications and Compliance Center website and guide.

The first Apple Silicon Macs have been out for just a few months and a good portion of popular apps have been updated with native support for the M1 MacBook Air, Pro, and Mac mini. Not far behind, what looks like the first malware that’s been optimized for Apple Silicon has been found in the wild.

Apple’s Fraudulent Website Warning is designed to alert you when you’re about to visit a website that is known to host malware, or that is believed to be a phishing site. Previously, that check consulted a database hosted on a Google server, but as of iOS 14.5 it instead uses an Apple proxy to better protect user privacy.

That adds an extra layer of privacy to the protection Apple was already employing …