Apple – Page 27 – PossibleThreat Articles

Second Israeli firm accused of undermining iPhones, like NSO Group

February 3, 2022 0 Comments Apple, iPhone, Mobile, Security, small and medium business

Credit to Author: Jonny Evans| Date: Thu, 03 Feb 2022 09:08:00 -0800

As if recent revelations about NSO Group weren’t bad enough, yet another Israeli firm — QuaDream — has now been accused of using the same hack to undermine iPhone security.

QuaDream also used the hack, Reuters claims

A Reuters report has the details:

QuaDream made use of the same flaw to commit similar attacks against iPhones.
The company is smaller than NSO Group, but also sells smartphone hacking tools to governments.
Both companies used the same highly sophisticated “zero-click” ForcedEntry attack, which enabled them to remotely break into iPhones without an owner needing to click a malicious link.
Once deployed, attackers using the software could access messages, intercept calls, and use the device as a remote listening device. They also gained access to the camera and more.
Apple closed this vulnerability in September 2021.
It is believed NSO Group software was used to target the family of murdered Saudi journalist Jamal Khashoggi.

The news follows the revelation that the FBI also obtained NSO’s Pegasus spyware, but claims it did not use it. That also follows another recent claim that NSO Group offered “bags of cash” in exchange for access to US cellular networks via the SS7 network.

To read this article in full, please click here

Security Sophos

S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]

February 3, 2022 0 Comments Apple, fonts, Naked Security Podcast, Podcast, Privacy, Safari, scams, zero day

Credit to Author: Paul Ducklin| Date: Thu, 03 Feb 2022 16:20:49 +0000

Latest episode – listen now!

ComputerWorld Independent

Why Apple’s improved 2FA protection matters to business

February 2, 2022 0 Comments Apple, iOS, MacOS, Mobile, Security, small and medium business

Credit to Author: Jonny Evans| Date: Tue, 01 Feb 2022 06:01:00 -0800

Apple has introduced a new layer of protection to its existing two-factor authentication (2FA) system, making it a little harder for phishing attacks to successfully steal valuable authentication credentials.

Given that Apple, PayPal, and Amazon were the top three brands used for successful phishing attacks last year, according to a recent Jamf report, this matters.

Phishing costs billions and is bad for business

Phishing is a huge problem. The scale of these attacks shot up during the pandemic. The FBI Internet Crime Report 2020 revealed that phishing attacks affected 241,342 victims in 2020, up from 114,702 in 2019, with adjusted losses of more than $54 billion. Verizon’s 2021 Data Breach Investigations Report confirmed that 36% of data breaches that year involved phishing.

To read this article in full, please click here

ComputerWorld Independent

Jamf CEO weighs in on Apple deployments and enterprise security

February 2, 2022 0 Comments Apple, MacOS, Mobile, Security, small and medium business

Credit to Author: Jonny Evans| Date: Thu, 27 Jan 2022 08:34:00 -0800

“Apple will become the number one device ecosystem in the enterprise by the end of this decade,” Jamf CEO Dean Hager told me while introducing an in-depth enterprise security trends report that enterprises should look at.

Apple continues to see incredible growth

The nature of enterprise IT is rapidly becoming multiplatform. Jamf recently shared some details concerning the rapid growth in Apple device deployments it is seeing in business. For example, it now has 60,000 active customers, up from 36,000 two years before that – and believes new services such as Apple Business Essentials will help maintain this growth.

To read this article in full, please click here

ComputerWorld Independent

Cellular networks revolt against Apple privacy moves

February 2, 2022 0 Comments Apple, iOS, Mobile, Privacy, Security, small and medium business

Credit to Author: Jonny Evans| Date: Wed, 12 Jan 2022 09:43:00 -0800

Every time Apple attempts to inject a little more privacy into the digital world, it faces pushback – but the evidence suggests opponents would be better off going along for the ride.

A bigger business with more privacy

Take Do Not Track for ads and the move to quash IDFA tracking in iOS 14. When Apple first announced its plan, critics across the ad industry complained it would damage their business.

Apple counter-argued that it would simply inspire advertisers to think more creatively about how to reach customers — while also providing more privacy to those customers.

To read this article in full, please click here

MalwareBytes Security

Apple fixes Mac bug that could have allowed takeover of webcams and browser tabs

February 2, 2022 0 Comments Apple, Exploits and vulnerabilities, MacOS, popup, Safari, uri, url, uxss

Credit to Author: Christopher Boyd| Date: Thu, 27 Jan 2022 11:43:49 +0000

A researcher discovered a way to gain control of both webcams and any open session in Safari. How did they do it?

Categories: Exploits and vulnerabilities

Tags: Apple macOS popup safari URI url UXSS

Security Sophos

Apple fixes Safari data leak (and patches a zero-day!) – update now

February 2, 2022 0 Comments Apple, Exploit, iOS, iPhone, MacOS, OS X, Patch, Privacy, rce, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 27 Jan 2022 21:09:53 +0000

That infamous “supercookie” bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

ComputerWorld Independent

Apple is sneaking around its own privacy policy — and will regret it

February 2, 2022 0 Comments Apple, Data privacy, Mobile, Privacy, small and medium business

Credit to Author: Evan Schuman| Date: Fri, 07 Jan 2022 03:04:00 -0800

Apple has a rather complicated relationship with privacy, which it always points to as a differentiator with Google. But delivering on it is a different tale.

Much of this involves the definition of privacy. Fortunately for Apple’s marketing people, “privacy” is the ultimate undefinable term because every user views it differently. If you ask a 60-year-old man in Chicago what he considers to be private, you’ll get a very different answer than if you asked a 19-year-old woman in Los Angeles. Outside the US, privacy definitions vary even more. Germans and Canadians truly value privacy, but even they don’t agree on what they personally consider private.

To read this article in full, please click here

ComputerWorld Independent

Microsoft Defender for Endpoint brings remote deployment to iOS

February 2, 2022 0 Comments Apple, endpoint protection, enterprise mobile management, iOS, Microsoft, Security

Credit to Author: Jonny Evans| Date: Thu, 06 Jan 2022 07:45:00 -0800

With the latest Microsoft Defender for Endpoint (MDE) preview for iOS, Microsoft has taken another step that should make life easier for IT administrators who need to secure remote iOS devices at the endpoint.

Endpoint protection without the user friction

The MDE preview includes a new capability to install Defender for Endpoint remotely and automatically on any devices enrolled in the service. The company first announced its intention to deliver the feature last month.

In practice, this seems relatively friction-free.

To read this article in full, please click here

MalwareBytes Security