Security News

Apple this week unveiled its new M1 chip and the company has provided a brief description of its security features. The tech giant told SecurityWeek that it will detail the M1's security features in the coming weeks.

When browsing webpages, such as news articles in the Safari web browser on an iPhone or iPad, users can choose to select and share a partial text excerpt from the page, rather than the entire page itself. "It's actually a useful feature that's great for pointing out specific passages in blogs, news articles, and more," Juli Clover, the website's editor had said earlier.

Apple allows data disclosure to be optional if all of the following conditions apply: if it's not used for tracking, advertising or marketing; if it's not shared with a data broker; if collection is infrequent, unrelated to the app's primary function, and optional; and if the user chooses to provide the data in conjunction with clear disclosure, the user's name or account name is prominently displayed with the submission. Developers must disclose the use of contact information, health and financial data, location data, user content, browsing history, search history, identifiers, usage data, diagnostics, and more.

Boffins based in Austria, Germany, and the UK have identified yet another data-leaking side-channel flaw affecting Intel processors, and potentially other chips, that exposes cryptographic secrets in memory. The paper describes a way to extract confidential data from devices by measuring power consumption fluctuations in Intel chips from Sandy Bridge onward using just software and without the need to physically wire instruments to machines.

After years of complaints about over-permissioned apps that collect, use and share private user information, Apple will be making developer privacy policies more transparent for consumers. Starting Dec. 8, iOS and macOS developers will be required to provide detailed information about how their apps collect information, which data they collect and what it will be used for, according to an Apple post on its developer support page.

Apple has patched three previously identified zero-day vulnerabilities in its iPhone, iPod and iPad devices potentially related to a spate of related flaws recently discovered by the Google Project Zero team that also affect Google Chrome and Windows. Apple have fixed three issues reported by Project Zero that were being actively exploited in the wild.

Apple on Thursday released patches for tens of vulnerabilities across its products, including three flaws that are actively exploited in attacks. The three vulnerabilities were discovered by Google Project Zero researchers and could lead to remote code execution, leak of kernel memory, and escalation of privilege to kernel level, respectively, Project Zero technical lead Ben Hawkes says.

Apple on Thursday issued security updates for iOS, iPadOS, watchOS, and macOS that address three holes reported by Google's Project Zero bug hunters among exploitable flaws found by others. The iPhone giant's security bulletins note that the three flaws discovered and reported by Project Zero - CVE-2020-27930, CVE-2020-27950, and CVE-2020-27932 - are being actively exploited in the wild.

Apple has patched today three iOS zero-day vulnerabilities actively exploited in the wild and affecting iPhone, iPad, and iPod devices. The zero-days were addressed by Apple earlier today, with the release of iOS 14.2, the mobile OS's latest stable version.

A proxy request may contain the X-Forwarded-For or Via HTTP headers revealing the source device's IP address, and inform the destination that the request is coming from a proxy. Last month, Security researcher and podcast creator David Coomber found out that Applebot had been using a proxy that leaked Apple's internal IP addresses.