Security News

The bug fixes for iPhones and iPads include remote code execution flaws in components from the kernel itself to Apple's image rendering library, graphics drivers, video processing modules and more. Several of these bugs warn that "a malicious application may be able to execute arbitrary code with kernel privileges".

Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. In security advisories issued on Monday, Apple revealed that they're aware of reports this security bug "May have been actively exploited."

Apple has decided to pull the plug on the production of the iPod Touch, discontinuing the revolutionary iOS-based music player introduced 15 years ago. The announcement doesn't specifically mention the end of the product, but it says iPod Touch will only be available while supplies last, which means the production of the $199 device has ceased.

A Moscow Arbitration Court has reportedly seized almost $11 million belonging to Dell LLC after the company failed to provide paid-for services to a local system integrator. IT systems integrator Talmer sued Dell early last month when the American computer giant declined to provide technical support services for VMware as previously agreed.

The server keeps track of every time this "Image" is opened and by which IP address. This quirk of internet history means that marketers can track exactly when you open an email and your IP address, which can be used to roughly work out your location.

Microsoft, Apple and Google - all longtime proponents of doing away with passwords for authentication purposes - are throwing their support behind standards developed by the FIDO Alliance and the World Wide Web Consortium that could eliminate the passphrases completely. Microsoft said there are 579 password attacks every second, or about 18 billion a year, and many of them are successful, mainly because people have a tendency to pick poor passwords or reuse them across multiple accounts.

Today, Microsoft, Apple, and Google announced plans to support a common passwordless sign-in standard developed by the World Wide Web Consortium and the FIDO Alliance. "These multi-device FIDO credentials, sometimes referred to as passkeys, represent a monumental step toward a world without passwords," added Microsoft Identity Division Vice President Alex Simons.

Google, Apple, Microsoft promise end to passwords, courtesy of your mobile phone. A future without passwords may be closer than we think, at least when a new initiative to enlist your smartphone as a mobile authenticator gets off the ground.

Apple last week patched two actively exploited vulnerabilities in macOS Monterey yet has left users of older supported versions of its desktop operating system unprotected. In a blog post on Tuesday, security biz Intego said fixes applied to address CVE-2022-22675 and CVE-2022-22674 in macOS Monterey were not backported to macOS Big Sur or macOS Catalina.

Apple, as ever, isn't saying anything about the platforms that didn't get updates, so it's impossible to say whether they're immune and thus unaffected, affected but simply being ignored, or affected and still awaiting updates that will show up in a few days. Intriguingly, Apple's core Security Updates page at HT201222 reports that there are updates denoted tvOS 15.4.1 and watchOS 8.5.1, but Apple merely remarks that these updates have "No published CVE entries".