Security

It’s not just the cost of groceries that has gone up. The market price for WhatsApp exploits are also on the rise, but inflation may not be to blame.

Apple on Wednesday released iOS 17.0.3 for iPhone users. Although the update doesn’t bring any new features, it fixes a bug that had been causing some iPhone models (especially the iPhone 15 Pro) to overheat more than usual. However, iOS 17.0.3 also comes with two important security fixes, including a fix for a breach that had been actively exploited.

Apple is constantly promoting its devices as secure due to their unique combination of hardware and software. Because of this, many companies have been opting for the Mac for their IT departments over other platforms – and a new IDC survey endorsed by Apple reveals that 76% of IT decision makers believe that the Mac is more secure than other computers.

Security researchers have highlighted a couple of potential iCloud Keychain issues you may want to be aware of in iOS 17 and macOS Sonoma.

One is that upgrading may switch the feature on if you previously had it off, while the second arises if you have the feature enabled and then toggle it off …

Eufy security cameras are getting an update that allows them to track a visitor across multiple cameras, and send you a single video alert which follows the visitor between views.

A demo video shows a delivery driver dropping off a package, and one view shows them placing the package in a yard, combined with a view from a second camera which shows the driver getting back into their van at the front of the home …

macOS Sonoma has officially launched with new features and improvements like interactive widgets, Game Mode, all-new wallpapers, and more. But one of the important behind-the-scenes changes is dozens of security fixes. Here are the 61 security patches that come with macOS 14.0.

After updating to the release version of iOS 17, some iPhone users are experiencing their existing privacy settings change without permission. Apple says it is investigating these reports. Here’s the latest.

In more T-Mobile news surely to give you déjà, déjà, déjà vu, the company has reportedly fallen victim to its third data breach this year, with over 90GB of employee and customer information stolen. And if you aren’t keeping track, it’s the company’s eighth major breach since 2018…

Update: New information suggests the data breach doesn’t affect T-Mobile itself, but an independent T-Mobile retailer called ConnectivitySource. The data from the leak “is related to an independently owned authorized retailer,” T-Mobile told 9to5Mac. “T-Mobile’s employee data was not exposed.”

ConnectivitySource is one of the company’s largest authorized retailers and operates in 38 states across the US. Around 146,109 audio recordings of customers calling stores were also collected by the hackers, claims vx-underground.

Three days after launching iOS 17, Apple has issued iOS 17.0.1 with three important security patches. Notably, Apple says it’s aware all of the fixed vulnerabilities were reported as being actively exploited.

The British government’s hugely controversial Online Safety Bill has today passed in the second chamber of Parliament, and after six years of debate is now set to become law.

While Apple’s iMessage and other end-to-end encrypted messaging apps were saved from being outlawed by the bill, the government hasn’t yet given up the fight …

In what appears to be the latest in a series of T-Mobile security breaches, customers are reporting that they are seeing the personal data of other users when logged into their accounts.

Data accessible includes sensitive information like credit card details, home address, purchase history, and current credit balance …

While we’re still waiting to hear whether a federal TikTok ban will be imposed, some 18 state attorneys general are backing Montana’s state-level ban on the short video app. The ban is due to take effect on January 1, 2024.

TikTok is seeking to overturn the ban on the basis that it violates the free speech rights of its video creators, granted by the First Amendment. The app is one of the most popular in the world, used by around a third of the US population …

Although the previous White House incumbent threatened a US TikTok ban and then quietly dropped it, the idea never quite went away. A new report says that fresh meetings have taken place between Bytedance, the Chinese owner of the app, and US government officials.

Things kicked off back in the summer of 2020 when the previous administration said that it was considering the possibility of banning TikTok over unspecified security concerns that data could be used by the Chinese government. Since the app uses very little personal data, the nature of these fears was not explained …

On Thursday, Apple publicly released iOS 16.6.1, which brings no new features but fixes security vulnerabilities, as we previously reported. Interestingly, we now know that iOS 16.6.1 also fixes an exploit used by Pegasus spyware.

This year we’ve seen a powerful new malware launch called Atomic macOS Stealer (AMOS) that specifically targets Apple users. Now in the latest development, AMOS has been found in malicious ads for Google searches. Here’s how to avoid this threat and help others do the same.

The future of iMessage in the UK had seemed in doubt, as the British government was demanding that the company break end-to-end encryption to allow messages to be scanned. Apple had said that it would withdraw iMessage from the UK rather than compromise user privacy.

WhatsApp and Signal had similarly threatened to withdraw their messaging apps from the UK, but the government has now done a U-turn, while issuing a meaningless, face-saving statement …

Update: The MTA flaw has been eliminated, but the Apple Pay question remains. See the end of the piece.

An inexcusable NYC subway security flaw has been revealed, allowing anyone with knowledge of a user’s credit card number and expiry date to track all journeys made within the past seven days.

But what’s far more concerning is that the vulnerability applies to journeys where Apple Pay was used to tap into stations, despite the fact that this should be completely impossible …

Just under a year ago, Apple launched a new Security Research hub along with an upgraded bug bounty program, updates to the Security Research Device Program, and more. Starting today for a limited time, Apple has opened up applications for next year’s Security Research Device Program. Here’s how to apply.

Apple says that plans to increase the scope and powers of the UK’s Investigatory Powers Act is “a serious and direct threat to data security and information privacy” – not just to British citizens, but to all tech users worldwide.

The company says that the British government is trying to make itself “the de facto global arbiter of what level of data security and encryption are permissible” after a report last week noted that companies like Apple could be banned from issuing security updates without permission …

Everyone in the tech industry facepalms almost every time legislators try to pontificate on technology, but the British government appears to be trying to set a new record. After putting iMessage and FaceTime at risk, the government is now suggesting that it might ban some Apple security updates.

Under the latest plans, tech companies would need to notify the British government before rolling out a security fix but might be refused permission if it blocks a vulnerability that’s being exploited by security services…