Researchers build a scary Mac attack using AI and sound

A UK research team based at Durham University has identified an exploit that could allow attackers to figure out what you type on your MacBook Pro — based on the sound each keyboard tap makes.

These kinds of attacks aren’t particularly new. The researchers found research dating back to the 1950s into using acoustics to identify what people write. They also note that the first paper detailing use of such an attack surface was written for the US National Security Agency (NSA) in 1972, prompting speculation such attacks may already be in place.

“(The) governmental origin of AS- CAs creates speculation that such an attack may already be possible on modern devices, but remains classified,” the researchers wrote.

To read this article in full, please click here

Read more

Apple toughens up app security with API control

Apple is at war with device fingerprinting — the use of fragments of unique device-specific information to track users online. This fall, it will put in place yet another important limitation to prevent unauthorized use of this kind of tech.

Apple at WWDC 2023 announced a new initiative designed to make apps that do track users more obvious while giving users additional transparency into such use. Now it has told developers a little more about how this will work in practice.

To read this article in full, please click here

Read more

Was Steve Jobs right about this?

Perhaps Steve Jobs was right to limit the amount of time he let his children use iPhones and iPads — a tradition Apple maintains with its Screen Time tool, which lets parents set limits on device use. Now, an extensive UNESCO report suggests that letting kids spend too much time on these devices can be bad for them.

Baked in inequality and lack of social skills

That’s the headline claim, but there’s a lot more to the report in terms of exploring data privacy, misuse of tech, and failed digital transformation experiments.

To read this article in full, please click here

Read more

Update now! Apple fixes several serious vulnerabilities

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: WebKit

Tags: CVE-2023-38606

Tags: CVE-2023-32409

Tags: CVE-2023-37450

Tags: CVE-2023-32416

Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days.

(Read more…)

The post Update now! Apple fixes several serious vulnerabilities appeared first on Malwarebytes Labs.

Read more

Apple: Proposed UK law is a ‘serious, direct threat’ to security, privacy

New UK government surveillance laws are so over-reaching that tech companies can’t possibly meet all of their requirements, according to Apple, which argues the measures will make the online world far less safe

Apple, WhatsApp, Meta all threaten to quit UK messaging

The UK Home Office is pushing proposals to extend the Investigatory Powers Act (IPA) with a range of proposals that effectively require messaging providers such as Apple, WhatsApp, or Meta to install backdoors into their services. All three services are now threatening to withdraw messaging apps from the UK market if the changes move forward.

To read this article in full, please click here

Read more

This is why personal encryption is vital to the future of business

Data encryption is threatened by government forces who haven’t yet recognized that without personal security, you cannot have enterprise security. Because attackers will exploit any available weakness to undermine protection — and if your people or your customers aren’t secure, neither is your business.

Get with the data

Attackers will always go where the money is. They will spend lots of it to mount attacks. They will delve deeper, and if they’re spending money, they also have the necessary resources to investigate absolutely anyone they can identify as a potential target.

To read this article in full, please click here

Read more

[Updated] Apple issues Rapid Security Response for zero-day vulnerability

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: Safari

Tags: WebKit

Tags: macOS

Tags: iOS

Tags: iPadOs

Tags: CVE-2023-37450

Tags: drive-by

Tags: code execution

Apple has issued an update for a zero-day vulnerability in the WebKit browser engine which may be actively exploited.

(Read more…)

The post [Updated] Apple issues Rapid Security Response for zero-day vulnerability appeared first on Malwarebytes Labs.

Read more

Update now! Microsoft patches a whopping 130 vulnerabilities

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: Adobe

Tags: Apple

Tags: Android

Tags: Cisco

Tags: Fortinet

Tags: MOVEit

Tags: Mozilla

Tags: SAP

Tags: VMware

Tags: CVE-2023-32049

Tags: CVE-2023-35311

Tags: CVE-2023-32046

Tags: CVE-2023-36874

Tags: CVE-2023-36844

For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities, four of which are known to have been actively exploited.

(Read more…)

The post Update now! Microsoft patches a whopping 130 vulnerabilities appeared first on Malwarebytes Labs.

Read more