Security News

Apple's announcement that it would scan encrypted messages for evidence of child sexual abuse has revived debate on online encryption and privacy, raising fears the same technology could be used for government surveillance. The move represents a major shift for Apple, which has until recently resisted efforts to weaken its encryption that prevents third parties from seeing private messages.

Apple is about to announce a new technology for scanning individual users' iPhones for banned content. The neural network-based tool will scan individual users' iDevices for child sexual abuse material, respected cryptography professor Matthew Green told The Register today.

A new sort of Windows nightmare, this one not involving printers. Another new sort of Windows nightmare, also with no printers.

Like almost all Apple security fixes, the update arrived without any sort of warning, but unlike most Apple updates, only a single bug was listed on the "Fix list," and even by Apple's brisk and efficient bug-listing standards, the information published was thin. All we know is that Apple says that it "Is aware of a report that this issue may have been actively exploited".

Now it's Apple's turn to be in the patch-right-now spotlight, with a somewhat under-announced emergency zero-day fix, just a few days after the company's last, and much broader, security update. These include elevation of privilege, where an otherwise uninteresting app suddenly gets the same sort of power as the operating system itself, or even remote code execution, where an otherwise innocent operation, such as viewing a web page or opening up an image, could trick the kernel into running completely untrusted code that didn't come from Apple itself.

Apple patched a zero-day flaw on Monday, found in both its iOS and macOS platforms that's being actively exploited in the wild and can allow attackers to take over an affected system. Apple released three updates, iOS 14.7., iPadOS 14.7.1 and macOS Big Sur 11.5.1 to patch the vulnerability on each of the platforms Monday.

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. CVE-2021-30661 - Processing maliciously crafted web content may lead to arbitrary code execution.

The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device. Apple did not say who might be involved in the exploitation of this bug.

Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. Three iOS zero-days in February, exploited in the wild and reported by anonymous researchers.

Apple on Monday released a major security update with fixes for a security defect the company says "May have been actively exploited" to plant malware on macOS and iOS devices. Instead, a line in Apple advisory simply reads: "Apple is aware of a report that this issue may have been actively exploited."