Security News
Responding to the increasing complexity of the global cyberthreat environment, Apple has released three new security features: iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud. iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in early 2023.
The Tor Project team has announced the release of Tor Browser 12.0, a major version release introducing support for Apple Silicon chips and several enhancements for the Android version. Tor browser version 12.0 is based on Firefox 102, an upgrade from Firefox version 91, which was used as the base for the previous Tor release, v11.5.
Apple on Wednesday announced a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted data backups in its iCloud service. "If you enable Advanced Data Protection and then lose access to your account, Apple will not have the encryption keys to help you recover it - you'll need to use your device passcode or password, a recovery contact, or a personal recovery key," Apple explains in a support document.
Apple is expanding end-to-end encryption options for users and finally offering E2EE for their iCloud backup. "iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos," the company said in a recent announcement.
"Advanced Data Protection is Apple's highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices," explained Ivan Krstić, Apple's head of security engineering and architecture, in a canned statement. Apple already offers end-to-end encryption by default for 14 iCloud services, including passwords in iCloud Keychain and Health data.
Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more. [...]
It's just under a month since iOS 16.1.1 came out for Apple iPhone users, fixing a pair of bugs that were listed with the worrying words "a remote user may be able to cause unexpected app termination or arbitrary code execution". Now, there's another security update, apparently moving iPhone users only up to version iOS 16.1.2.
Almost 300 apps, downloaded by around 15 million users, have been pulled from the Google Play and Apple App stores over claims they promised quick loans at reasonable rates but then used extortion and other predatory schemes against borrowers. Lookout contacted Google and Apple about the apps and said Wednesday that none of them were still available for download. "What's been identified is a tiny drop in the bucket overall," Chris Clements, vice president of solutions architecture for Cerberus Sentinel, told The Register, adding that "Anything over zero shouldn't be acceptable."
Winter November 22, 2022 11:13 AM. Cardinal Richelieu has been quoted as saying he only needs six lines of the most honest man to condemn him to death. You do not need even three lines to get death threats.
No sooner had we stopped to catch our breath after reviewing the latest 62 patches dropped by Microsoft on Patch Tuesday. Neither bug is reported with Apple's typical zero-day wording along the lines that the company "Is aware of a report that this issue may have been actively exploited", so there's no suggestion that these bugs are zero-days, at least inside Apple's ecosystem.