Security News
Security expert Phil Vachon explained what happened on his blog Security Embedded, writing that an Online Certificate Status Protocol responder checking certificates of each and every application was to blame after an Apple server went down. "In the aftermath of the OCSP responder outage, and the dust settling on the macOS Big Sur release, there are a lot of folks reasonably asking if they can trust Apple to be in the loop of deciding what apps should or should not run on their Macs. My argument is-who better than Apple?".
Apple is facing the heat for a new feature in macOS Big Sur that allows many of its own apps to bypass firewalls and VPNs, thereby potentially allowing malware to exploit the same shortcoming to access sensitive data stored on users' systems and transmit them to remote servers. "Some Apple apps bypass some network extensions and VPN Apps," Maxwell tweeted.
Google is currently working on fixing a known issue causing a Google Chrome web browser version launched earlier today for Apple processors to suddenly crash. "Earlier today we updated our Chrome download page to include a new version of Chrome optimized for new macOS devices featuring an Apple processor," Chrome Support Manager Craig Tumblison said.
Google is currently working on fixing a known issue causing a Google Chrome web browser version launched earlier today for Apple processors to suddenly crash. "Earlier today we updated our Chrome download page to include a new version of Chrome optimized for new macOS devices featuring an Apple processor," Chrome Support Manager Craig Tumblison said.
Security researchers are blasting Apple for a feature in the latest Big Sur release of macOS that allows some Apple apps to bypass content filters and VPNs. They say it is a liability that can be exploited by threat actors to bypass firewalls and give them access to people's systems and expose their sensitive data. Despite concerns and questions among security professionals, Apple released Big Sur to the public on Nov. 12.
Now Apple has stressed that this app security check does not send anyone's Apple IDs nor device identifiers over the 'net, though it did log people's public IP addresses. "To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs," Apple said.
An Austrian online privacy NGO said on Monday it was lodging complaints against Apple in two countries over the use of a code on its phones that allows tracking of user behavior. The NOYB group said it was filing complaints with data protection authorities in Germany and Spain over Apple's use of a so-called IDFA which NOYB says are used on phones "Without user's knowledge or consent".
Apple this week unveiled its new M1 chip and the company has provided a brief description of its security features. The tech giant told SecurityWeek that it will detail the M1's security features in the coming weeks.
When browsing webpages, such as news articles in the Safari web browser on an iPhone or iPad, users can choose to select and share a partial text excerpt from the page, rather than the entire page itself. "It's actually a useful feature that's great for pointing out specific passages in blogs, news articles, and more," Juli Clover, the website's editor had said earlier.
Apple allows data disclosure to be optional if all of the following conditions apply: if it's not used for tracking, advertising or marketing; if it's not shared with a data broker; if collection is infrequent, unrelated to the app's primary function, and optional; and if the user chooses to provide the data in conjunction with clear disclosure, the user's name or account name is prominently displayed with the submission. Developers must disclose the use of contact information, health and financial data, location data, user content, browsing history, search history, identifiers, usage data, diagnostics, and more.