Security News

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Apple has removed 25 virtual private network apps from the Russian App Store at the request of Roskomnadzor, Russia's telecommunications watchdog. Roskomnadzor confirmed to Interfax that the order targets multiple apps used to gain access to content tagged as illegal in Russia.

Apple removed a number of virtual private network apps in Russia from its App Store on July 4, 2024, following a request by Russia's state communications watchdog Roskomnadzor, Russian news media reported. This includes the mobile apps of 25 VPN service providers, including ProtonVPN, Red Shield VPN, NordVPN and Le VPN, according to MediaZona.

Red Shield VPN, which is focused on providing its services to Russian users, claims it received a note from Apple that says its VPN was removed from the Russian App Store. The email, which the VPN operator shared on X, says Cupertino had to remove the app from the App Store in Russia since the software did not "Conform with all local laws." This is after the Kremlin had apparently spent years trying technological approaches to block the use of the VPN. "Apple's actions, motivated by a desire to retain revenue from the Russian market, actively support an authoritarian regime," Red Shield said in a statement.

The security team says they found vulnerable CocoaPods pods in "The documentation or terms of service documents of applications provided by Meta, Apple, and Microsoft; as well as in TikTok, Snapchat, Amazon, LinkedIn, Netflix, Okta, Yahoo, Zynga, and many more." E.V.A. reported the vulnerability to CocoaPods in October 2023, at which point it was patched.

EVA claims CocoaPods in 2014 migrated all "Pods" - a file describing a project's dependencies - to a new "Trunk server" on GitHub. CocoaPods authenticates new devices using an email sent to users who request a session, the researchers noted - but authentication doesn't rely on anything but a client verifying their email address by clicking a link.

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue...

The number of macOS vulnerabilities exploited in 2023 increased by more than 30%, according to a new report. The Software Vulnerability Ratings Report 2024 from patch management software company Action1 also found that Microsoft Office programs are becoming more exploitable, while attackers are targeting load balancers like NGINX and Citrix at a record rate.

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a...

Apple unveiled its new 'Apple Intelligence' feature today at its 2024 Worldwide Developer Conference, finally unveiling its generative AI strategy that will power new personalized experiences on Apple devices. "Apple Intelligence is the personal intelligence system that puts powerful generative models right at the core of your iPhone, iPad, and Mac," explained Apple during the WWDC keynote.