Security News

Apple on Thursday informed customers that it patched a total of four vulnerabilities across macOS Catalina, High Sierra and Mojave. Apple says exploitation of the flaw, which involves the processing of a malicious USD file, could lead to arbitrary code execution or a DoS condition.

Sadly what works for legitimate businesses almost always works for cybercriminals too, so there are plenty of crooks still using SMSes for phishing - an attack that's wryly known as smishing. Your phone's operating system will happily recognise when the text in an SMS looks like a URL and automatically make it clickable for you.

A mobile phishing campaign is spreading via text messages purporting to come from an Apple chatbot - and offering "Free trials" of iPhone 12. Clicking the link triggers an interaction - via multiple texts - with a supposed "Apple chatbot."

Apple has updated its iOS and iPadOS operating systems, which addressed a wide range of flaws in its iPhone, iPad and iPod devices. In total, Apple addressed 11 bugs in products and components, including AppleAVD, Apple Keyboard, WebKit and Siri.

The iOS 14, iPadOS 14, and tvOS 14 anti-tracking feature is on hold until early 2021 to give developers time to make the necessary changes, according to Apple. Apple released iOS 14 without a new anti-tracking feature.

Apple said on Thursday it would give developers until next year to comply with a software change expected to stymie targeted advertising in iPhone and iPad apps. An update coming to Apple's iOS mobile software includes a requirement for apps to ask users' permission to collect and share device-identifying data used to make ads more relevant.

Shlayer adware creators have found a way to get their malicious payload notarized by Apple, allowing it to bypass anti-malware checks performed by macOS before installing any software. The first known instance of notarized macOS malware was discovered last week, by a college student who noticed that people who want to download Homebrew and make the mistake of entering the wrong URL are getting served with a warning saying their Adobe Flash Player is out of date and offering an update for download. Security researcher Patrick Wardle analyzed the served package and confirmed that it is not an update, but a notarized version of the macOS Shlayer adware, which doesn't get detected as malicious by Gatekeeper.

Apple accidentally approved one of the most popular Mac malware threats - OSX.Shlayer - as part of its security notarization process. Security researchers Peter Dantini and Patrick Wardle recently discovered that Apple inadvertently notarized malicious payloads that were utilized in a recent adware campaign.

Facebook is lambasting an upcoming Apple mobile operating system privacy update, which requires application to ask users for permission before collecting and sharing their data. In the iOS 14 update, Apple iPhone and iPad users have an explicit option to opt out of allowing apps to collect data using the Apple device identifier.

Facebook is pushing back on new Apple privacy rules for its mobile devices - and putting app developers in the middle. Apple will soon require apps to ask users for permission to collect data on what devices they are using and to let ads follow them around on the internet.