Apple's disappearing Rapid Security Response update

Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.

That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.

To read this article in full, please click here

Read more

Apple warns that UK's Online Safety Bill puts people at 'greater risk'

Apple has raised its voice against a UK law that will dramatically undermine secure commerce and trust online, warning it could put UK citizens at risk.

And Apple is not alone. More than 80 civil society organizations, academics, and experts from 23 nations have warned against the UK government’s decision, which would turn the UK into the first democracy to require routine surveillance of people’s private chats.

The current UK government’s Online Safety Bill includes the power to force encrypted messaging tools such as WhatsApp, Signal, and iMessage to scan messages.

To read this article in full, please click here

Read more

Update now! Apple fixes three actively exploited vulnerabilities

Categories: Apple

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: kernel webkit

Tags: CVE-2023-32434

Tags: CVE-2023-32435

Tags: CVE-2023-32439

Tags: type confusion

Tags: integer overflow

Tags: operation triangulation

Apple has released security updates for several products to address a set of flaws it said were being actively exploited.

(Read more…)

The post Update now! Apple fixes three actively exploited vulnerabilities appeared first on Malwarebytes Labs.

Read more

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Credit to Author: BrianKrebs| Date: Thu, 22 Jun 2023 19:11:33 +0000

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Read more

Apple beefs up enterprise identity, device management

Last week at WWDC, Apple introduced new capabilities related to Managed Apple IDs and to user identity overall.

Managed Apple IDs have been around for some time. They handle many of the same tasks as personal Apple IDs, but are owned by an organization rather than the end user and are typically created alongside a user’s enterprise identity through federated authentication with a company’s identity provider. 

Managed IDs allow a user to activate and use an Apple device — whether company owned or personal BYOD— and create a business profile on employee devices. Additionally, they provide Apple services including some core iCloud functionality such as backing up the work-related content on the device and syncing app data from Mail, Calendar, Contacts, and Notes. They also allow IT to manage what resources and devices a user can access, reset passwords, and help with Apple device management.

To read this article in full, please click here

Read more

How and why to use FIDO Security Keys for Apple ID

In a world that needs Apple’s recently-improved Lockdown Mode to protect good people against bad ones, high-risk individuals should consider using physical security keys to protect their Apple ID.

What are Security Keys and what do they do?

Security keys are small devices that look a little like thumb drives. Apple at WWDC 2020 confirmed plans to support FIDO authentication beginning with iOS 14 and macOS 11; now, with the release of iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2, Apple lets you use them to verify your Apple ID, replacing a passcode. They become one of the two forms of identification you require with two-factor authentication (2FA).

To read this article in full, please click here

Read more