Security News

Vulnerabilities identified in offline finding - Apple's proprietary crowd-sourced location tracking system - could be abused for user identification, researchers said in a report released this month. With "Hundreds of millions" of devices part of Apple's OF network, this represents the largest crowd-sourced location tracking system in the world, one that is expected to grow even further, as support for non-Apple devices is added to it.

Apple on Monday released security patches for macOS, iOS, iPadOS, watchOS, and Safari to fix up a vulnerability that can be exploited by malicious web pages to run malware on victims' computers and gadgets. Apple thanks Clément Lecigne of Google's Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research for reporting the arbitrary code execution security flaw, CVE-2021-1844, which is present in WebKit, the browser engine used by various bits of Cupertino code.

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content. According to the update notes posted by Apple, the flaw stems from a memory corruption issue that could lead to arbitrary code execution when processing specially crafted web content.

Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby deanonymizing users. Apple devices come with a feature called Find My that makes it easy for users to locate other Apple devices, including iPhone, iPad, iPod touch, Apple Watch, Mac, or AirPods.

The latest version of the Unc0ver jailbreak leverages a vulnerability that Apple said had been exploited before it released a patch in January. Jailbreaks remove restrictions and give users greater control over their iPhone or iPad. The developers of the jailbreak named Unc0ver recently announced the availability of version 6.0.0, which they claim works on all versions of iOS between 11.0 and 14.3 on many iPhones and iPads, including the iPhone 12 Pro launched a few months ago.

Offensive Security has released Kali Linux 2021.1, the latest version of its popular open source penetration testing platform. A few of the terminals have also been tweaked to - as the developers noted - "Kalify" them.

Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86 64 and the iPhone maker's M1 processors. Calling the malware "Silver Sparrow," cybersecurity firm Red Canary said it identified two different versions of the malware - one compiled only for Intel x86 64 and uploaded to VirusTotal on August 31, 2020, and a second variant submitted to the database on January 22 that's compatible with both Intel x86 64 and M1 ARM64 architectures.

US security consultancy Red Canary says it's found MacOS malware written specifically for the shiny new M1 silicon that Apple created to power its post-Intel Macs. Red Canary has named the malware "Silver Sparrow" and says it had found its way onto almost 30,000 MacOS devices as of February 17th. Red Canary's post says it has analysed two samples of the malware, one targeting x86 and the other targeting X86 and Apple's own M1 silicon.

The company has released on Thursday a newer version of its Platform Security Guide, outlining the security and privacy innovations and improvements its users will be able to take advantage of. The M1 chip is supposed to speed up Macs and improve their performance, but according to the updated Platform Security Guide, there are new security protections built deep into M1's code execution architecture.

One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors. While the transition to Apple silicon has necessitated developers to build new versions of their apps to ensure better performance and compatibility, malware authors are now undertaking similar steps to build malware that are capable of executing natively on Apple's new M1 systems, according to macOS Security researcher Patrick Wardle.