Security News

Apple's iCloud Mail service is suffering an outage since this morning, preventing some people from sending and receiving emails. Starting this morning at 7:13 AM EST, iCloud Mail users began reporting that they were having difficulty sending or receiving an email to their accounts.

iPhone users with AirDrop enabled may unknowingly expose certain personal information to a complete stranger. In a report released last week, researchers at the Department of Computer Science at the University of Darmstadt in Germany revealed their discovery of a security hole in Apple's AirDrop.

"As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users - even as a complete stranger," said a team of academics from the Technical University of Darmstadt, Germany. AirDrop is a proprietary ad hoc service present in Apple's iOS and macOS operating systems, allowing users to transfer files between devices by making use of close-range wireless communication.

Apple will begin requiring app makers to tell users what tracking information they want to gather and get permission to do so, displaying what have been referred to as "Privacy nutrition labels." "Unless you receive permission from the user to enable tracking, the device's advertising identifier value will be all zeros and you may not track them," Apple said this week in an online message to developers.

Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks and Apple Watch by infiltrating the network of the Taiwanese manufacturer, claiming it's making a ransom demand to Apple after Quanta expressed no interest in paying to recover the stolen blueprints.

The paper itself has a neutrally worded title that simply states the algorithm that it introduces, namely: PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. For those who don't have iPhones or Macs, AirDrop is a surprisingly handy but proprietary Apple protocol that lets you share files directly but wirelessly with other Apple users nearby.

The REvil ransomware gang is known for audacious attacks on the world's biggest organizations, and its demands for astronomical ransoms to match. In an added stroke of criminal ingenuity to ratchet up the pressure to pay, REvil decided to start leaking the ripped off files just hours before Apple's Spring Loaded event on Tuesday, including schematics for some new iMacs it debuted there.

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload modules to imitate legitimate Mac apps, which are ultimately responsible for infecting local Xcode projects and injecting the main payload to execute when the compromised project builds.

A bug-hunting team at Technische Universität Darmstadt in Germany reverse engineered AirDrop - iOS and macOS's ad-hoc over-the-air file-sharing service - and found that senders and receivers may leak their contact details in the process. Despite the team alerting Apple to the oversight in May 2019, and suggesting ways to address it last October, the iGiant hasn't issued a fix.

Quanta Computer Inc. acknowledged the attack in a statement made to Bloomberg, stating that the company's information security team worked with external experts to deal with cyber attacks on a small number of servers. REvil demanded $50 million for the decryption key, according to a chat-room transcript reviewed by Bloomberg.