A bug in Apple’s recent iOS releases, including this week’s iOS 13.4 is keeping VPNs from being able to fully encrypt user traffic and data. Apple is aware of the issue and is currently working on a fix. In the meantime, there’s an easy workaround you can use to keep your VPN connection working as intended.
Analytics platform Sensor Tower has been secretly collecting data from users through VPN and ad-blocking apps on iOS and Android, a new report from BuzzFeed News says. The apps would prompt users to install root certificates through Safari, bypassing Apple’s restrictions.
Security researcher and former NSA hacker Patrick Wardle has demonstrated a way to modify state-created Mac malware to run his own code instead of the payloads from the government servers.
The sophistication of the malware makes re-purposing it attractive to other attackers, including other governments …
Just about a year ago, it came to light just how easy it was to buy the real-time location data of US wireless customers via lax carrier standards, shady third-parties, and bounty hunters. Now after an “extensive investigation” the FCC has declared that “one or more wireless carriers apparently violated federal law.”
There’s an emerging health crisis at the moment, besides coronavirus: the head injuries caused by techies banging their heads on their desks at each piece of evidence that governments don’t understand how end-to-end encryption works.
The latest example of this, reported in the Guardian, was the head of Britain’s domestic counterintelligence and security agency, MI5, calling on tech companies like Apple and Facebook to continue to offer end-to-end encryption, but to provide MI5 access “on an exceptional basis”…
A flaw in Wi-Fi chips made by Cypress Semiconductor and Broadcom left “billions of devices” open to an eavesdropping vulnerability, ArsTechnica reports today. The flaw was announced by researchers at the RSA security conference today, and has already been patched by most manufacturers.
Expand
Expanding
Close
Apple has announced that it will boost Safari security for secure websites from September 1st. From that date, the browser will only accept HTTPS certificates issued within the past 13 months.
While this is a technical-sounding change, it’s should provide greater protection against two separate risks …
A new demo from researchers at Mysk shines a light on the free, unrestricted, access all apps have to the iOS clipboard.
In the video, the developers create a dummy app that simply prints out the information gleaned from the clipboard. When the user copies an image, the app can immediately see the image content and the metadata like the location of where the photo was taken. This becomes a little more sinister when the demo shows that installed widgets can also silently collect all data copied to the clipboard, without user knowledge.
Cybersecurity company Wandera found that some 23 iOS file-conversion apps used by three million people fail to use encryption, potentially putting the documents at risk.
All the apps in question were created by a single developer, Cometdocs, but Wandera says that the discovery raises a broader security issue…
Apple’s Secure Enclave set a precedent in smartphone security that has so far been followed by many Android brands.
A new research study found that Huawei, Samsung, Xiaomi, OnePlus, Vivo, LG, Oppo, and Sony all now have models with equivalent embedded hardware security features…
Malwarebytes is out with a new report in which it states that Mac malware is growing faster than that for Windows.
For the first time ever, Macs outpaced Windows PCs in number of threats detected per endpoint […]
In total, we saw approximately 24 million Windows adware detections and 30 million Mac detections.
That’s getting a lot of headlines today, but there are three key things that need to be understood…
The Fido Alliance, an organization committed to eliminating the need for passwords, received a big boost last week when Apple signed up as a board member. Fido stands for Fast IDentity Online.
Apple apparently wasn’t ready to announce its support immediately, as tweets from a Fido Alliance conference were quickly deleted, but as of today, the news is official…
A new report from Motherboard today dives into a few iOS and Mac email apps/services that aren’t being very transparent about selling users’ personal data. Notably, one of them is even in Apple’s App Store ranked in the top 100 for productivity apps.
Last fall we learned about a flaw with the Mail app in macOS that would prevent encrypted emails from being encrypted. With the public release of macOS 10.15.3 last week, the researcher who discovered the bug says it has been fixed.
In early January, the FBI asked Apple to unlock two iPhones as part of the Pensacola case. Apple stood its ground and said it wouldn’t create a backdoor for iOS but would help as much as it could without crossing that line. Even though the FBI has the ability to unlock the iPhone 7 and iPhone 5 with the help of third-parties, today it said it still hasn’t been able to get to the data on the devices.
If you use WhatsApp on Mac, you’ll want to make sure the desktop app has been updated to the current version, 0.4.316. This closes a very nasty security hole.
The vulnerability was discovered by security researcher Gal Weizman. It built on an earlier issue in which replies could fake the original text…
A Philips Hue vulnerability allows a hacker to take control of individual bulbs, switching them on or off at will, as well as changing both color and brightness. This can be done remotely using a laptop with radio transmitter. You can watch a demonstration video below.
While that risk remains, the company has acted to block an escalation vulnerability that previously allowed the attacker to compromise the Hue bridge and from there the rest of the network, including any PCs connected to it…
Update: The Iowa Democratic Party has issued a statement, below, saying that data was correctly logged but not properly reported due to a bug in the app. It also claims that it did put the app through independent security testing, contradicting the claim made by the NYT.
Failures surrounding the use of a new Iowa caucus app have seen the Iowa Democratic Party unable to promptly report the results of the first party member vote for its 2020 presidential candidates. A report on the debacle describes it as a ‘systematic disaster’…
One of Apple’s key goals with HomeKit was to make smart home devices secure. The UK government has announced it wants to play its part in achieving the same thing by requiring all devices to meet three simple security requirements…
Doubt is today being cast on a reported Jeff Bezos iPhone hack, which was said to have given attackers full access to the photos and messages stored on his iPhone X.
The report was based on analysis by a cybersecurity firm commissioned by the Amazon founder to find out how private messages and photos were obtained by the National Enquirer…
A forensic analysis shows that a sophisticated attack on Jeff Bezos’ iPhone X gave full access to both his photos and messages.
The attack, and the alleged attempted blackmail that followed, led to the famous “No thank you, Mr Pecker” blog post in which the Amazon founder decided to go public about the existence of embarrassing texts and photos…
Google researchers have discovered “multiple security flaws” in Apple’s Safari browser, a new report from the Financial TImes says. The flaws were found in Safari’s Intelligent Tracking Prevention feature, which is designed to protect users from cross-site tracking and other online privacy concerns, and have since been fixed.
Kicking off 2020, security and privacy is a hot topic between the latest standoff between Apple and the FBI over the Pensacola incident as well as Apple reportedly abandoning its plan to bring end-to-end encryption to iCloud backups. With an in-depth report on what a robust iPhone cracking operation looks like from the inside, Fast Company shares some fascinating details and photos of NYC’s $10 million cyber lab.
Amid its ongoing encryption battle with the FBI, Apple has published its latest biannual transparency report. This report reveals how many requests were made for user data by governments around the world, and how many with which Apple could comply.