Security News

WWDC Apple on Monday opened its 2021 Worldwide Developer Conference by promising a raft of operating system and privacy improvements - including a relay system to anonymize Safari connections, and randomized email addresses for online account signups. Apple pundits had anticipated an Arm-based MacBook Pro, yet no word of next-generation Apple Silicon machines surfaced.

Apple is once again demonstrating that it's all in on privacy with new user-protecting features for Mail, Siri, iCloud and additional app-tracking metrics. While there wasn't a single hardware announcement, as was hoped and predicted, the software announcements that Apple made at WWDC 2021 were extensive and are likely to be well-received by iPhone, iPad and Mac users, and privacy stands out as a central theme.

A new analysis from the Washington Post reveals just how widespread fraud is across the Apple App Store, while also offering glimpse into the revenue flowing into Cupertino generated by those malicious activities. The Apple App Store has been under heightened scrutiny for maintaining its iron grip on the apps available to iOS users.

The fascinating tale of a bug that's baked into Apple's latest chip. Why the Aussie data breach warning site HIBP is partnering with the FBI. A coronavirus tracking toolkit that fell foul of privacy rules.

The website for the M1racles security vulnerability is an excellent demonstration that not all vulnerabilities are exploitable. Be sure to read the FAQ through to the end. EDITED TO ADD: Wired article.

Apple's brand new Mac has a security hole, right inside the processor itself! The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.

Apple's Arm-based M1 chip, much ballyhooed for its performance, contains a design flaw that can be exploited to allow different processes to quietly communicate with one another, in violation of operating system security principles. Martin has published a proof-of-concept script to demonstrate how to read and write data to the overly talkative system register and a proof-of-concept script for setting up a covert channel on an M1 system.

Police arrest eight suspects in an online scamming ring. We explain how WhatsApp messages from hacked accounts are helping cybercrooks bypass 2FA. Oh! No! of the week.

We're much more interested in the security patches that arrived in the update to iOS 14.6, because Apple fixed 38 significant bugs, covered by 43 different CVE bug numbers. For what it's worth, the update to macOS Big Sur 11.4 shared many of those bugs with iOS, as well as adding a raft of its own, with 58 significant bugs patched, covered by 73 different CVE bug numbers.

Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone's computer and capture images of their activity within applications or on video conferences without that person knowing. Apple addressed the vulnerability-discovered by researchers at enterprise cybersecurity firm Jamf- in the latest version of macOS, Big Sur 11.4, released on Monday, the company told Forbes, according to a published report.