Security

Alongside iOS 17.2 arriving today, Apple has released macOS 14.2. As it happens, the new Mac release comes with double the amount of security fixes of iOS. Here are the 20 flaws fixed with the latest update.

Apple released iOS 17.2 for all users today with the new Journal app, spatial video capture, iMessage Contact Key Verification, and more. Along with those new features, the update comes with 10 important security fixes across Find My, kernel, Safari, WebKit, and Siri.

Following up on last year’s report “The Rising Threat to Consumer Data in the Cloud”, Apple has shared a new study from MIT’s Dr. Madnick that looks at how cyber threats are growing worldwide. Read on for a look at the state of online security and what we can do to limit our exposure and risk like using Apple’s Advanced Data Protection.

Apple released an important security update today for iPhone, iPad, and Mac. The list of fixes is short, but iOS 17.1.2 and macOS Sonoma 14.1.2 patch two web-based security flaws that have been actively exploited.

If you use Chrome on Mac, it’s strongly recommended to update it immediately, as a security flaw discovered by Google is being actively exploited by attackers. It could potentially allow personal data to be extracted from your Mac (the same issue also affects Chrome on Windows and Linux).

Google says it is aware of at least one real-life case of the exploit being used by a bad actor …

Update: Whether AirDrop is vulnerable to this exploit is unclear, but the odds are against it. See the update at the end.

Two newly-discovered Bluetooth security flaws allow attackers to hijack the connections of all devices using Bluetooth 4.2 to 5.4 inclusive – that is, all devices between late 2014 and now.

Six separate exploits have been demonstrated, allowing both device impersonations and man-in-the-middle attacks …

While Windows laptop users like to think they have their own version of Touch ID, it appears not to offer the same level of security. The Windows Hello fingerprint authentication system on the top three laptops to use it has been put to the test by security researchers – and all three failed.

To be fair, the team was carrying out the penetration tests at the request of Microsoft – but it was a Microsoft Surface product that turned out to be easiest to bypass …

A powerful new malware launched in early 2023 called Atomic macOS Stealer (AMOS) targets Apple users and has become a growing threat. Now, with the latest iteration of the malware, malicious parties are planting AMOS inside fake Safari and Chrome browser updates for Mac. We’ll cover how it works and how to avoid this threat.

In September, 9to5Mac reported that Flipper Zero, a popular and cheap hacking tool, was being used to wreak havoc on nearby iPhones and iPads, spamming them with fake Bluetooth pop-ups until they eventually crashed.

Despite many iOS 17 updates since, including last week’s release of new iOS 17.2 betas, Apple has yet to implement safeguards to prevent the attack. So, what gives?

A new report from The Independent this weekend offers an interesting look at why and how Apple is “working hard to break into its own iPhones.” Ivan Krstić, Apple’s head of security engineering and architecture, spoke to The Independent for the report and explained why Apple feels the need to invest so heavily in security.

Notably, Krstić also addressed the possibility of Apple opening up the iPhone to third-party app stores and sideloading due to impending regulation in the European Union.

Security researchers have pulled the curtain back on what appears to be a variant of the infamous RustBucket malware that targets macOS systems. What was first detected earlier in April, a new report from Jamf Threat Labs highlights how this attack continues to evolve and who its potential targets may be.

Security researchers have identified an attempt by state-sponsored hackers from the Democratic People’s Republic of Korea (DPRK) to infect blockchain engineers belonging to an undisclosed crypto exchange platform with a new form of macOS malware.

Apple has sent iPhone hack warnings to the leader of India’s main opposition party, alongside other politicians opposing Narendra Modi’s government – placing Apple in a potentially delicate position.

A security researcher was also alerted, and shared a copy of the alert message he was sent, in which Apple advised enabling Lockdown Mode …

Apple’s new iMessage Contact Key Verification at first glance seems to be a rather niche security feature, likely to be of interest only to the most paranoid or highly-targeted individuals. But it could turn out to be a privacy feature which protects us all from government spying.

That’s because it seems almost custom-designed to prevent a plan developed by the UK’s equivalent to the NSA – GCHQ …

Apple launched a new iMessage security feature yesterday in beta called Contact Key Verification. We learned the basics of how it works yesterday but now Apple has published technical details of how the next-level iMessage security feature operates – including a unique solution to a problem that other messaging services face.

Apple has enabled the testing of a new security feature with the first iOS 17.2 beta. For use with iMessage, Contact Key Verification gives users more certainty they’re messaging with the people they’re intending.

A vulnerability in A-series and M-series chips could force iPhones, Macs, and iPads to divulge passwords and other sensitive information to an attacker. Security researchers have dubbed the flaw – which affects Safari on the Mac, and any browser on iOS devices – iLeakage.

In a proof of concept attack, researchers were able to obtain access to the contents of a Gmail inbox, YouTube history, and passwords auto-filled by Safari …

Apple has launched its first major update for all users since debuting iOS 17 in September. iOS 17.1 comes with a range of security patches and none of them were identified as exploited in the wild ahead of the fixes.