Security News

Serious Security: Apple Safari leaks private data via database API – what you need to know
2022-01-18 19:23

Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple's web browser software. At first telling, the bug sounds both undramatic and unimportant: although it allows private data to leak between separate browser tabs that contain content from unrelated websites, the amount of data that leaks is minuscule.

New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking
2022-01-16 19:34

A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and, worse, even reveal their identity. That's not the case with how Safari handles the IndexedDB API in Safari across iOS, iPadOS, and macOS. "In Safari 15 on macOS, and in all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy," Martin Bajanik said in a write-up.

Apple fixes doorLock bug that can disable iPhones and iPads
2022-01-12 21:45

Apple has released security updates to address a persistent denial of service dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later. Apple has addressed this severe resource exhaustion issue in iOS 15.2.1 and iPadOS 15.2.1 by adding improved input validation which no longer allows attackers to disable vulnerable devices.

Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability
2022-01-12 20:58

Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent denial-of-service issue affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its release notes for iOS and iPadOS 15.2.1, termed it as a "Resource exhaustion issue" that could be triggered when processing a maliciously crafted HomeKit accessory name, adding it addressed the bug with improved validation.

Apple’s Private Relay is Being Blocked
2022-01-11 15:09

Some European cellphone carriers, and now T-Mobile, are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch.

Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying
2022-01-06 15:44

A new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real power-off while allowing malware to remain active in the background. "The NoReboot approach simulates a real shutdown. The user cannot feel a difference between a real shutdown and a fake shutdown. There is no user-interface or any button feedback until the user turns the phone back 'on' ... we cannot, and should not, trust a normal reboot."

Apple Home software bug could lock you out of your iPhone
2022-01-04 19:23

The bug affects the Home app, Apple's home automation software that lets you control home devices - webcams, doorbells, thermostats, light bulbs, and so on - that support Apple's HomeKit ecosystem. Wiping your data is quick and reliable because Apple mobile devices always encrypt your data, even if you don't set a lock code of your own, using a randomly chosen passphrase kept in secure storage.

Researchers Detail New HomeKit 'doorLock' Bug Affecting Apple iOS
2022-01-04 03:27

A persistent denial-of-service vulnerability has been discovered in Apple's iOS mobile operating system that's capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance. HomeKit is Apple's software framework that allows iOS and iPadOS users to configure, communicate with, and control connected accessories and smart-home appliances using Apple devices.

Apple iOS vulnerable to HomeKit 'doorLock' denial of service bug
2022-01-03 15:39

Apple HomeKit is a software framework that lets iPhone and iPad users control smart home appliances from their devices. To demonstrate the doorLock bug, Spiniolas has released a proof-of-concept exploit in the form of an iOS app that has access to Home data and can change HomeKit device names.

Apple AirTags Are Being Used to Track People and Cars
2021-12-31 15:52

Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. Unlike similar tracking products from competitors such as Tile, Apple added features to prevent abuse, including notifications like the one Ms. Estrada received and automatic beeping.