Security News

After years of complaints about over-permissioned apps that collect, use and share private user information, Apple will be making developer privacy policies more transparent for consumers. Starting Dec. 8, iOS and macOS developers will be required to provide detailed information about how their apps collect information, which data they collect and what it will be used for, according to an Apple post on its developer support page.

Apple has patched three previously identified zero-day vulnerabilities in its iPhone, iPod and iPad devices potentially related to a spate of related flaws recently discovered by the Google Project Zero team that also affect Google Chrome and Windows. Apple have fixed three issues reported by Project Zero that were being actively exploited in the wild.

Apple on Thursday released patches for tens of vulnerabilities across its products, including three flaws that are actively exploited in attacks. The three vulnerabilities were discovered by Google Project Zero researchers and could lead to remote code execution, leak of kernel memory, and escalation of privilege to kernel level, respectively, Project Zero technical lead Ben Hawkes says.

Apple on Thursday issued security updates for iOS, iPadOS, watchOS, and macOS that address three holes reported by Google's Project Zero bug hunters among exploitable flaws found by others. The iPhone giant's security bulletins note that the three flaws discovered and reported by Project Zero - CVE-2020-27930, CVE-2020-27950, and CVE-2020-27932 - are being actively exploited in the wild.

Apple has patched today three iOS zero-day vulnerabilities actively exploited in the wild and affecting iPhone, iPad, and iPod devices. The zero-days were addressed by Apple earlier today, with the release of iOS 14.2, the mobile OS's latest stable version.

A proxy request may contain the X-Forwarded-For or Via HTTP headers revealing the source device's IP address, and inform the destination that the request is coming from a proxy. Last month, Security researcher and podcast creator David Coomber found out that Applebot had been using a proxy that leaked Apple's internal IP addresses.

Apple macOS X users with HP printers are left unable to print from their computers after Apple revoked a certificate that signed HP's print drivers. As observed by BleepingComputer, when printing a document from a MacBook running macOS Catalina and Mojave users with HP printers.

A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a "Low impact security incident" but that no customer data was impacted.

Apple has inadvertently given the thumbs up to six new malware variants, according to researchers at Mac security solutions provider Intego. Application developers have the possibility to submit their software to Apple for scanning purposes and have it automatically notarized if deemed malware-free.

Five researchers hacked Apple Computer's networks - not their products - and found fifty-five vulnerabilities. They have received $289K. One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone's iCloud account and then do the same to the victim's contacts.