Security

Last week on Security Bite, I discussed a vulnerability in Stolen Device Protection, a newly added security feature in iOS 17.3. Vision Pro has since hit the market and has been dominating the headlines. This Sunday, I wanted to give your feed fresh air and discuss some of my favorite security and privacy features as of iOS 17.3. Admittedly, this will also give me more time to poke around at Vision Pro’s privacy and security protections in the real world.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Apple started shipping special research iPhone hardware to security experts in 2020. Naturally, security researchers have been mostly coy about sharing the specifics of what Apple calls “rooted” hardware. Still, there are some program participants who grant a peek behind the curtains from time to time.

We’re just two days away from Vision Pro arriving to the first customers and ahead of the launch, Apple has issued a security patch. To protect against a WebKit flaw that’s been actively exploited, you’ll want to make sure to update to visionOS 1.0.2.

Proposed amendments to the UK’s Investigatory Powers Act (IPA) which could ban Apple security updates worldwide are an “unprecedented overreach,” says the Cupertino company.

Apple previously described the planned powers as “a serious and direct threat to data security and information privacy” – not just to British citizens, but to all tech users worldwide …

Last week, Apple released iOS 17.3 with a new security feature called Stolen Device Protection, which aims to help protect your data in case a thief has stolen your iPhone and obtained the password. However, there’s one flaw that you should be aware of…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

A letter to the US Director of National Intelligence reveals that the NSA buys personal data which was illegally-obtained from smartphone users through the apps they use.

The open letter was sent by US senator and member of the Select Committee on Intelligence, Ron Wyden. He asks US security services to cease this practice, and to purge existing data which was obtained illegally …

Both in-app ads and push notifications are being used to identify and spy on iPhone users, according to two separate reports.

The first says that in-app ads are being used to gather data intended to identify your iPhone and send highly sensitive data to security services, while the second found that apps like Facebook and TikTok are using a vulnerability in the way push notifications are handled by iOS to obtain the data for their own use …

A reported Trello data breach has seen the personal details of more than 15 million users put up for sale on the dark web.

A separate Loan Depot ransomware attack resulted in more than 16 million customer accounts compromised, taking a number of the company’s web services offline …

Apple on Monday released iOS 17.3 and macOS Sonoma to the public. The updates bring some new features, such as collaborative playlists in Apple Music and a new Stolen Device Protection mode for iPhone users. However, both updates also come with more than 10 security fixes. Read on as we detail what exactly has been fixed with today’s updates.

An important new security feature for iPhone has arrived with iOS 17.3 that gives you protection in the event your device is stolen. Follow along for how to turn on iPhone Stolen Device Protection and also some advice on whether or not you should use the feature.

Security researchers have detected a new strain of malware hidden in some commonly pirated macOS applications. Once installed, the apps unknowingly execute trojan-like malware in the background of a user’s Mac. What happens from here is nothing good…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

A report of an Apple GPU security flaw has been confirmed by the company, acknowledging that the iPhone 12 and M2 MacBook Air are affected.

An exploit has been demonstrated by security researchers, which would allow an attacker to view data processed by the chip, including the results of things like ChatGPT queries …

The security vulnerability which seemingly led to an AirDrop crack by a Chinese state institute has been known to Apple since at least 2019, according to a new report.

Some new details are also emerging about how China is able to obtain the phone numbers and email addresses of people transferring files via AirDrop …

In a significant breach of Apple’s privacy measures, a new report says that AirDrop was cracked by the Chinese government, to reveal the phone number and email address of senders.

The anonymity of AirDrop was one of the reasons it has been commonly used by activists to share information about protests, and other information censored by the government …

Macs are more protected from malicious software like viruses, Trojans, adware, etc. than Windows and Linux. However, they aren’t immune, and more and more malware is being designed specifically for Mac. Whether you just want to do a checkup or think your (or someone else’s) machine might be affected, here’s a look at 6 valuable malware/virus scanner Mac tools including free and paid options.

Between 2019 and December 2022, an extremely advanced iMessage vulnerability was in the wild that was eventually named “Operation Triangulation” by security researchers at Kasperksy who discovered it. Now, they’ve shared everything they know about the “most sophisticated attack chain” they’ve “ever seen.”

Apple has released iOS 17.2.1 and macOS Sonoma 14.2.1. Notably, the latter includes a patch for a vulnerability with screen sharing that can show others content from random “spaces” on your Mac when it looks like your desktop is empty. Here are the details.

An Xfinity data breach has been revealed by the company, in which hackers were able to obtain a wide range of customer information.

Data obtained for at least some Xfinity customers “may” include usernames, hashed passwords, real names, contact information, date of birth, last four digits of social security numbers, and security questions and answers …

December could very well be security month at Apple with the launch of Stolen Device Protection, the shuttering of Beeper Mini, and now, the stealthy fix to a Bluetooth exploit that has been wreaking havoc for iPhone and iPad users since its discovery in September.

The on-off Apple vs Corellium legal battle has been going on now for four years, but the final case has now been settled out of court, according to a report today.

The dispute had an amusing moment when Apple failed in its claim that Corellium had breached copyright by replicating iOS – and responded by claiming copyright infringement of Apple wallpapers …