Credit to Author: Paul Ducklin| Date: Tue, 11 Jul 2023 15:21:07 +0000
Previously, we said “do it today”, but now we’re forced back on: “Do not delay; do it as soon as Apple and your device will let you.”
Read more
Apple on Monday distributed its latest Rapid Security Response update to iPhones, iPads, and Macs, rolling out an important security patch to protect devices against a recently identified attack Apple says is already in active use.
“Apple is aware of a report that this issue may have been actively exploited,” the company said in its security note.
That’s bad, as it means someone somewhere has already been attacked using this vulnerability. The patch repairs a flaw found in WebKit in which processing web content could lead to arbitrary code execution.
Credit to Author: Paul Ducklin| Date: Mon, 10 Jul 2023 23:12:04 +0000
Don’t delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.
Read more
Credit to Author: Paul Ducklin| Date: Thu, 29 Jun 2023 16:58:40 +0000
Latest episode – listen now! (Full transcript inside.)
Read more
Apple has raised its voice against a UK law that will dramatically undermine secure commerce and trust online, warning it could put UK citizens at risk.
And Apple is not alone. More than 80 civil society organizations, academics, and experts from 23 nations have warned against the UK government’s decision, which would turn the UK into the first democracy to require routine surveillance of people’s private chats.
The current UK government’s Online Safety Bill includes the power to force encrypted messaging tools such as WhatsApp, Signal, and iMessage to scan messages.
Categories: Apple Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: kernel webkit Tags: CVE-2023-32434 Tags: CVE-2023-32435 Tags: CVE-2023-32439 Tags: type confusion Tags: integer overflow Tags: operation triangulation Apple has released security updates for several products to address a set of flaws it said were being actively exploited. |
The post Update now! Apple fixes three actively exploited vulnerabilities appeared first on Malwarebytes Labs.
Read more
Credit to Author: BrianKrebs| Date: Thu, 22 Jun 2023 19:11:33 +0000
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.
Read more
Credit to Author: Paul Ducklin| Date: Thu, 22 Jun 2023 00:36:20 +0000
Apple didn’t use the words “Triangulation Trojan”, but you probably will.
Read more
Last week at WWDC, Apple introduced new capabilities related to Managed Apple IDs and to user identity overall.
Managed Apple IDs have been around for some time. They handle many of the same tasks as personal Apple IDs, but are owned by an organization rather than the end user and are typically created alongside a user’s enterprise identity through federated authentication with a company’s identity provider.
Managed IDs allow a user to activate and use an Apple device — whether company owned or personal BYOD— and create a business profile on employee devices. Additionally, they provide Apple services including some core iCloud functionality such as backing up the work-related content on the device and syncing app data from Mail, Calendar, Contacts, and Notes. They also allow IT to manage what resources and devices a user can access, reset passwords, and help with Apple device management.
In a world that needs Apple’s recently-improved Lockdown Mode to protect good people against bad ones, high-risk individuals should consider using physical security keys to protect their Apple ID.
Security keys are small devices that look a little like thumb drives. Apple at WWDC 2020 confirmed plans to support FIDO authentication beginning with iOS 14 and macOS 11; now, with the release of iOS 16.3, iPadOS 16.3, and macOS Ventura 13.2, Apple lets you use them to verify your Apple ID, replacing a passcode. They become one of the two forms of identification you require with two-factor authentication (2FA).