Apple beefs up enterprise identity, device management

Last week at WWDC, Apple introduced new capabilities related to Managed Apple IDs and to user identity overall.

Managed Apple IDs have been around for some time. They handle many of the same tasks as personal Apple IDs, but are owned by an organization rather than the end user and are typically created alongside a user’s enterprise identity through federated authentication with a company’s identity provider. 

Managed IDs allow a user to activate and use an Apple device — whether company owned or personal BYOD— and create a business profile on employee devices. Additionally, they provide Apple services including some core iCloud functionality such as backing up the work-related content on the device and syncing app data from Mail, Calendar, Contacts, and Notes. They also allow IT to manage what resources and devices a user can access, reset passwords, and help with Apple device management.

To read this article in full, please click here

Read more

How and why to use FIDO Security Keys for Apple ID

In a world that needs Apple’s recently-improved Lockdown Mode to protect good people against bad ones, high-risk individuals should consider using physical security keys to protect their Apple ID.

What are Security Keys and what do they do?

Security keys are small devices that look a little like thumb drives. Apple at WWDC 2020 confirmed plans to support FIDO authentication beginning with iOS 14 and macOS 11; now, with the release of iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2, Apple lets you use them to verify your Apple ID, replacing a passcode. They become one of the two forms of identification you require with two-factor authentication (2FA).

To read this article in full, please click here

Read more

WWDC: 18+ ways Apple plans to make you more secure

Vision Pro, Apple Silicon, Macs, new enterprise tools — and privacy protection were all among the many WWDC announcements Apple made this week.

Introducing these protections, Craig Federighi, Apple’s senior vice president for  software engineering said: “We are focused on keeping our users in the driver’s seat when it comes to their data by continuing to provide industry-leading privacy features and the best data security in the world.

To read this article in full, please click here

Read more

Microsoft gives Apple a migraine

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: macOS

Tags: Ventura 13.4

Tags: Monterey 12.6.6

Tags: Big Sur 11.7.7

Tags: libxpc

Tags: SIP

Tags: XPC

Tags: NVRAM

Tags: CVE-2023-32369

Tags: Migraine

Microsoft has released details about a vulnerability that can bypass macOS’s System Integrity Protection

(Read more…)

The post Microsoft gives Apple a migraine appeared first on Malwarebytes Labs.

Read more

A week in security (May 22-28)

Categories: News

Tags: Cisco

Tags: Zyxel

Tags: ChatGPT

Tags: Malvertising

Tags: Apple

Tags: Google

Tags: insider threat

Tags: Pentagon explosion

Tags: CISA

Tags: ransomware guide

Tags: Rheinmetall

Tags: BlackBasta

Tags: WordPress

A list of topics we covered in the week of May 22- 28 of 2023

(Read more…)

The post A week in security (May 22-28) appeared first on Malwarebytes Labs.

Read more

Addigy promises a fix for Apple devices stuck on OSUpdateScan

Enterprise admins handling fleets of Macs take note: there’s a new security management tool from Apple device management firm Addigy.

The MDM Watchdog Utility monitors the MDM framework on devices and automatically forces software patches to be installed if they’re not already in place. This is designed to help solve a specific problem in which some (not all) managed Macs do not properly install Apple’s Rapid Security Response updates.

When security isn’t

In today’s fast-moving threat environment, Apple has introduced Rapid Security Response (RSR) as a key front line against new threats. The defense is intended to be distributed and installed across Apple’s platforms as swiftly as possible once new threats are identified. The idea is that by expediting distribution and making installation a quicker process, it will be easier to maintain security across Mac fleets. That’s important as the scale of Apple deployments grows and enterprises move to support employee choice.

To read this article in full, please click here

Read more

Update now! Apple issues patches for three actively used zero-days

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: RSR

Tags: CVE-2023-32409

Tags: CVE-2023-28204

Tags: CVE-2023-32373

Tags: out of bounds

Tags: use after free

Apple issued information about patches against three actively exploited zero-days in WebKit. One vulnerability is new, two were patched earlier this month.

(Read more…)

The post Update now! Apple issues patches for three actively used zero-days appeared first on Malwarebytes Labs.

Read more

Why Apple's iOS 16.6 upgrade will be talk of the town

Apple’s big developer event is approaching, and it looks as if the company will press home its message on privacy as it begins to seed support for the AR operating systems it’s now expected to announce there.

Apple wants to get you updating

As of now, the Worldwide Developer Conference (WWDC) starting June 5 seems set to see Apple introduce its first mixed reality glasses, likely called RealityPro. These will be accompanied by an operating system that recent patent filings suggest will be called xrOS or xrProOS. The event will also see Apple introduce new iterations of its other operating systems, which developers will be able to work with soon after the show.

To read this article in full, please click here

Read more

Apple bans employees from using ChatGPT. Should you?

Read more