Security News

Apple recently announced a tracking device that it calls the AirTag, a new competitor in the "Smart label" product category. Products like the AirTag also announce themselves with regular Bluetooth beaconing transmissions, just like your phone does when it's in discoverable mode.

Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them - and so far only 15 per cent worldwide have done so. One of its new features is enforcement of what Apple calls AppTrackingTransparency, which means that apps must request permission from the user before tracking them or accessing the Apple device identifier.

Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings. The data-harvesting ad giant on Thursday detailed plans to create a "Safety section in Google Play" that it says "Will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security."

We look into Apple's recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous "Flubot" home delivery scam works and how to stop it.

Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild. The development comes a week after Apple rolled out iOS 14.5 and macOS Big Sur 11.3 with a fix for a potentially exploited WebKit Storage vulnerability.

Unlike vendors such as Microsoft, Google Android and Mozilla, security updates emerge from Cupertino HQ whenever Apple thinks the time is right. For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available.

On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine.

A week after Apple patched a macOS zero-day exploited by Shlayer malware for months for months, the company has released new security updates for macOS, iOS, iPadOS and watch OS that plug four additional zero-days that "May have been actively exploited". CVE-2021-30665 - a memory corruption issue in WebKit that could lead to arbitrary code execution when a user views maliciously crafted web content.

Apple's problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and macOS devices. News of the latest compromise was included in a one-line mention in an advisory from Apple that documents fixes for a pair of WebKit security flaws that have been exploited on both iPhones and macOS computers.

Apple on Monday patched security flaws in its software said to have been exploited in the wild by miscreants to hijack gear. WebKit, fixed in macOS Big Sur 11.3.1, can be tricked into executing arbitrary code by processing malicious web content - a bad webpage can take over the browser, in other words.