apple – Page 5 – SSL and internet security news

Serious MacOS Vulnerability Patched

April 30, 2021 infossl

apple, malware, operating systems, patching, Security technology, Uncategorized, vulnerabilities

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he … Read More “Serious MacOS Vulnerability Patched” »

Details on the Unlocking of the San Bernardino Terrorist’s iPhone

April 19, 2021 infossl

apple, exploits, fbi, hacking, iphone, Security technology, terrorism, Uncategorized

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called … Read More “Details on the Unlocking of the San Bernardino Terrorist’s iPhone” »

Security Analysis of Apple’s “Find My…” Protocol

March 15, 2021 infossl

academic papers, apple, bluetooth, crowdsourcing, de-anonymization, privacy, reverse engineering, security analysis, Security technology, tracking, Uncategorized

Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System“: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an … Read More “Security Analysis of Apple’s “Find My…” Protocol” »

Mysterious Macintosh Malware

March 2, 2021 infossl

apple, computer security, malware, Security technology, Uncategorized

This is weird: Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack … Read More “Mysterious Macintosh Malware” »

ThiefQuest Ransomware for the Mac

July 6, 2020 infossl

apple, malware, ransomware, Security technology

There’s a new ransomware for the Mac called ThiefQuest or EvilQuest. It’s hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It’s a good reminder to get your software from trustworthy sources, … Read More “ThiefQuest Ransomware for the Mac” »

iPhone Apps Stealing Clipboard Data

June 29, 2020 infossl

apple, dataloss, eavesdropping, ios, Security technology, video

iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a banner warning every time an app reads … Read More “iPhone Apps Stealing Clipboard Data” »

“Sign in with Apple” Vulnerability

June 2, 2020 infossl

apple, hacking, Security technology, securityengineering, vulnerabilities, zeroday

Researcher Bhavuk Jain discovered a vulnerability in the “Sign in with Apple” feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed. EDITED TO ADD (6/2): Another story. Powered by WPeMatico

Contact Tracing COVID-19 Infections via Smartphone Apps

April 13, 2020 infossl

apple, covid19, epidemiology, google, privacy, Security technology, tracing, tracking

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It’s similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It’s nice seeing the privacy protections; they’re well thought out. I was going … Read More “Contact Tracing COVID-19 Infections via Smartphone Apps” »

Hacking Voice Assistants with Ultrasonic Waves

March 23, 2020 infossl

academicpapers, android, apple, google, hacking, iphone, Security technology, sidechannelattacks, smartphones, video

I previously wrote about hacking voice assistants with lasers. Turns you can do much the same thing with ultrasonic waves: Voice assistants — the demo targeted Siri, Google Assistant, and Bixby — are designed to respond when they detect the owner’s voice after noticing a trigger phrase such as ‘Ok, Google’. Ultimately, commands are just … Read More “Hacking Voice Assistants with Ultrasonic Waves” »

Companies that Scrape Your Email

February 12, 2020 infossl

apple, datamining, email, espionage, marketing, Security technology, surveillance

Motherboard has a long article on apps — Edison, Slice, and Cleanfox — that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from “personal inboxes,” the document adds. A spokesperson for J.P. Morgan Research, the … Read More “Companies that Scrape Your Email” »