Security News
Remember Apple's TouchID sensor, which created quite a stir way back in 2013 when the iPhone 5s came out with a home button that could also read your fingerprint? What if a court compelled you to unlock your phone with your fingerprint? In the USA, for example, would fingerprint unlock "codes" enjoy the same Fifth Amendment protection against self-incrimination as numeric or alphabetic lock codes? Would "something you have" be protected under the right to silence in the same way as "something you know"? What if your fingerprint data were stolen? Lock codes and passphrases can easily be changed if you think someone else has phished or stolen them.
A couple of researchers claim they have earned $50,000 from Apple for finding some serious vulnerabilities that gave them access to the tech giant's servers. Harsh Jaiswal and Rahul Maini, India-based bug bounty hunters who specialize in application security, said they discovered the flaws in recent months, being inspired by a group of researchers who in October reported receiving hundreds of thousands of dollars from Apple for a total of 55 vulnerabilities, including ones that exposed source code, iCloud accounts, warehouse software, and employee and customer apps.
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network Extension Framework, effectively circumventing firewall protections.
Apple has removed a contentious macOS feature that allowed some Apple apps to bypass content filters, VPNs and third-party firewalls. The feature, first uncovered in November in a beta release of macOS Big Sur, was called "ContentFilterExclusionList" and included a list of at least 50 Apple apps - including Maps, Music, FaceTime, the App Store and its software update service.
Apple has removed the Parler social network app from the App Store for violating policies, including not providing an updated moderation plan or an updated app with objectionable content removed. "To ensure there is no interruption of the availability of your app on the App Store, please submit an update and the requested moderation improvement plan within 24 hours of the date of this message. If we do not receive an update compliant with the App Store Review Guidelines and the requested moderation improvement plan in writing within 24 hours, your app will be removed from the App Store," Apple warned in the email.
Intel has gingerly dipped a toe into the face-based authentication market with the launch of its RealSense ID product. In terms of security, Chipzilla has made some bold claims, stating RealSense ID has a one-in-one-million false acceptance rate and can withstand the usual attempts to circumvent face-based authentication tools, like masks and photographs, with - according to its RealSense webpage - a spoof acceptance rate of less than 0.1 per cent.
A federal judge Tuesday dismissed Apple's copyright infringement lawsuit against cybersecurity startup Corellium in a case which could have implications for researchers who find software bugs and vulnerabilities. Judge Rodney Smith said Apple failed to show a legal basis for protecting its entire iOS operating system from security researchers.
Apple users are experiencing problems setting up new devices or accessing files stored on the cloud due to an ongoing iCloud outage that has lasted for more than 24 hours. Starting yesterday at 4:45 AM EST, Apple has been experiencing an outage with its iCloud service that prevents users from logging into the service, accessing files, or setting up new devices.
All of the operators used the NSO Group's infamous Pegasus spyware as their final payload. Pegasus is a mobile phone-surveillance solution that enables customers to remotely exploit and monitor devices. The latest version of the Pegasus implant has a number of capabilities, according to Citizen Lab, including: recording audio from the microphone, including both ambient "hot mic" recording and audio of encrypted phone calls; taking pictures; tracking device location; and accessing passwords and stored credentials.
Jack Wallen shows you how easy it can be to encrypt text to be sent via email, using Apple Mail and the GPG Suite. With the right pieces in place in macOS, you can copy a block of text from any application, encrypt it, paste it into the body of an email, and send it to any user that has shared their public key with you.