Credit to Author: Jagadeesh Chandraiah| Date: Wed, 17 May 2023 10:00:36 +0000
Interest in OpenAI’s latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype
Read moreCategories: Apple Categories: News Tags: macOS Tags: iOS Tags: iPadOS Tags: Rapid Security Response Tags: RSR After announcing Rapid Security Response (RSR) last year, Apple has finally released the first RSR patches to the public. |
The post Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users appeared first on Malwarebytes Labs.
Read more
The days when people can be abusively tracked using devices such as Apple’s AirTags may be numbered; both Apple and Google today jointly announced work on a new standard that will prevent this from happening and hinted that Android users will soon be able to tell whether they’re being tracked by an AirTag.
The two companies say they have been working on a new industry specification to help prevent Bluetooth location-tracking devices being used to track people without permission. They also seem to have the industry behind them, as Samsung, Tile, Chipolo, eufy Security, and Pebblebee have all expressed support for the draft specification, which has been filed with the Internet Engineering Task Force (IETF).
When Apple CEO Tim Cook in 2016 warned of a cybersecurity war, he was specifically discussing the pressure Apple then faced to create back doors on its platforms so law enforcement could snoop on users.
He was championing encryption and opposing the creation of designer vulnerabilities that can be exploited by any entity that knows they exist. Since then, we’ve seen a cancerous tumult of surveillance as a service that companies such as the NSO Group break out, each of them using the kind of hard-to-find flaws governments may insist on platform providers creating.
Earlier this week, we saw research showing the noxious NSO Group continues to spy on people’s iPhones in Mexico. Now, Jamf Threat Labs has found additional attacks against human rights activists and journalists in the Middle East and Europe, one of whom worked for a global news agency.
The main thrust of the latest research is that while Apple has taken steps to protect devices running the most recent versions of iOS, these attacks are still being made against older iPhones. Jamf warns that the attacks “prove malicious threat actors will exploit any vulnerabilities in an organization’s infrastructure they can get their hands on.”
No matter what US President Joseph R. Biden Jr. said, NSO Group is still around; the privatized spying service produced zero-click exploits against iOS 15 and iOS 16 last year, according to the latest report from Citizen Lab.
It also suggests Lockdown Mode is effective against such attacks.
The report reflects what Citizen Lab learned from investigating attacks against Mexican human rights defenders. The researchers conclude that NSO Group, called “mercenary hackers” by Apple, has made wide use of at least three zero-click exploits in Apple’s iPhone operating systems against civil society targets worldwide. NSO Group is the infamous firm that created the Pegasus tool used to spy on people.
Credit to Author: Paul Ducklin| Date: Mon, 17 Apr 2023 14:17:46 +0000
USB charging stations – can you trust them? What are the real risks, and how can you keep your data safe on the road?
Read more
Credit to Author: Paul Ducklin| Date: Mon, 10 Apr 2023 20:20:44 +0000
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices – patch now!
Read more
Credit to Author: Paul Ducklin| Date: Sat, 08 Apr 2023 01:20:44 +0000
A bug to hack your browser, then a bug to pwn the kernel… reported from the wild by Amnesty International.
Read more
Apple’s decision to support MAC Address Randomization across its platforms may provide some degree of protection against a newly-identified Wi-Fi flaw researchers say could let attackers hijack network traffic. iOS, Linux, and Android devices may be vulnerable.
The researchers have identified a fundamental flaw in the design of the IEEE 802.11 Wi-Fi standard attackers could exploit to trick access points (Wi-Fi base stations) into leaking information. The researchers do not claim the vulnerability is being actively exploited, but warn that it might enable the interception of network traffic.