Security News

ALSO: Brazilian stalkerware database ripped by the short hairs, a fast fashion breach, and this week's critical vulns Infosec in brief The latest round of Apple's Security Research Device (SRD)...

Apple is inviting security researchers to apply for the Apple Security Research Device Program again, to discover vulnerabilities and earn bug bounties. In the intervening years, participating researchers have identified 130 security-critical vulnerabilities and have indirectly helped Apple implement security improvements in the XNU kernel, kernel extensions, and XPC services around the system.

Apple announced today that iOS security researchers can now apply for a Security Research Device by the end of October. The company added that iPhones provided through the Security Research Device Program should only be used by authorized people and never leave the premises of the security research facility.

'We will continue fighting this case' global chief's lawyer tells us An appeals court has reversed a 2021 decision to drop a bribery charge against Apple's head of global security, who is accused...

Apple last year introduced a security feature called App Management that's designed to prevent one application from modifying another without authorization under macOS Ventura - but a developer claims it's not very good at its job under some circumstances. "If an app is modified by something that isn't signed by the same development team and isn't allowed by an NSUpdateSecurityPolicy, macOS will block the modification and notify the user that an app wants to manage other apps," explained Justin Sagurton of Apple's privacy engineering team, in a video presentation at the fruity computer seller's 2022 Worldwide Developers Conference.

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and main access to an Apple device even when the victim believes it is offline. The method "Tricks the victim into thinking their device's Airplane Mode works when in reality the attacker has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News.

As device diversification continues and more Apple devices enter corporate environments, IT leaders face added management complexity. This new device management standard is built around the concept of shifting device management from centralized servers onto the devices themselves.

Sophos released new findings on CryptoRom scams—a subset of pig butchering schemes designed to trick users of dating apps into making fake cryptocurrency investments. Since May, Sophos X-Ops has...

Turns out, Apple's App Store can't accept the new name for Twitter's iOS app because of minimum character requirements. This week, both Google Play and Apple's App Store pushed updated versions of the Twitter app respectively for Android and iOS users.

Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. The iPhone maker said it's making the move to ensure that such APIs are not abused by app developers to collect device signals to carry out fingerprinting, which could be employed to uniquely identify users across different apps and websites for other purposes such as targeted advertising.