Security News

"As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users - even as a complete stranger," said a team of academics from the Technical University of Darmstadt, Germany. AirDrop is a proprietary ad hoc service present in Apple's iOS and macOS operating systems, allowing users to transfer files between devices by making use of close-range wireless communication.

Apple will begin requiring app makers to tell users what tracking information they want to gather and get permission to do so, displaying what have been referred to as "Privacy nutrition labels." "Unless you receive permission from the user to enable tracking, the device's advertising identifier value will be all zeros and you may not track them," Apple said this week in an online message to developers.

Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks and Apple Watch by infiltrating the network of the Taiwanese manufacturer, claiming it's making a ransom demand to Apple after Quanta expressed no interest in paying to recover the stolen blueprints.

The paper itself has a neutrally worded title that simply states the algorithm that it introduces, namely: PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. For those who don't have iPhones or Macs, AirDrop is a surprisingly handy but proprietary Apple protocol that lets you share files directly but wirelessly with other Apple users nearby.

The REvil ransomware gang is known for audacious attacks on the world's biggest organizations, and its demands for astronomical ransoms to match. In an added stroke of criminal ingenuity to ratchet up the pressure to pay, REvil decided to start leaking the ripped off files just hours before Apple's Spring Loaded event on Tuesday, including schematics for some new iMacs it debuted there.

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload modules to imitate legitimate Mac apps, which are ultimately responsible for infecting local Xcode projects and injecting the main payload to execute when the compromised project builds.

A bug-hunting team at Technische Universität Darmstadt in Germany reverse engineered AirDrop - iOS and macOS's ad-hoc over-the-air file-sharing service - and found that senders and receivers may leak their contact details in the process. Despite the team alerting Apple to the oversight in May 2019, and suggesting ways to address it last October, the iGiant hasn't issued a fix.

Quanta Computer Inc. acknowledged the attack in a statement made to Bloomberg, stating that the company's information security team worked with external experts to deal with cyber attacks on a small number of servers. REvil demanded $50 million for the decryption key, according to a chat-room transcript reviewed by Bloomberg.

Quanta Computer, an ODM laptop manufacturer and prolific Apple supplier, has now confirmed that digital burglars broke into its systems. "In a statement provided to Bloomberg, Quanta said:"Quanta Computer's information security team has worked with external IT experts in response to cyber attacks on a small number of Quanta servers.

An entity claiming to represent ransomware gang REvil says it has accessed "Large quantities of confidential drawings and gigabytes of personal data" from Quanta Computer Incorporated, a Taiwanese manufacturer that builds laptops and other gadgets for the likes of Apple, HPE, Lenovo, Cisco, and plenty of other top-tier tech companies. REvil said it is "Negotiating the sale" of the trove "With several major brands" and is sitting on data describing Apple's Watch, MacBook Air, and MacBook Pro, plus the Lenovo ThinkPad Z60m. The post announcing the alleged crack includes technical drawings of a laptop that bear Apple's logo.