Security News

Six months after software developer Jeff Johnson told Apple about a privacy bypass vulnerability opening up protected files in macOS Mojave, macOS Catalina, and the upcoming macOS Big Sur, the bug remains unfixed - so he's going public. This latest bug can be exploited by a maliciously crafted app to bypass a privacy system known as Transparency, Consent, and Control that was introduced in OS X Mavericks and got strengthened in subsequent releases through technologies like System Integrity Protection in El Capitan.

Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant - dubbed "EvilQuest" - is packaged along with legitimate apps, which upon installation, disguises itself as Apple's CrashReporter or Google Software Update.

Google, it seems, is joining Apple in limiting the maximum validity of web security certificates - those digitally signed blobs of data that put the S in TLS and the padlock in your address bar - to just one year. Others ask why a year is seen as "Too long" given that certificate authorities such as Let's Enrcypt are already issuing certificates that are only valid for three months at a time, thanks to a smoothly automated process for renewal.

From September 1, Apple software, from Safari to macOS to iOS, will reject new HTTPS and other SSL/TLS certificates that are valid for more than 398 days, plus or minus some caveats. "Connections to TLS servers violating these new requirements will fail," Apple warned in its official note.

Encrypted DNS, as its name suggests, encrypts those queries to shield them from snoops and meddlers. A year later, a research paper presented at a Usenix conference underscored the need for better security when it reported that about 8.5 per cent of DNS queries were intercepted by service providers.

A new privacy feature in Apple iOS 14 sheds light on TikTok's practice of reading iPhone users' cut-and-paste data, even though the company said in March it would stop. Apple added a new banner alert to iOS 14 that lets users know if a mobile app is pasting from the clipboard and thus able to read to a user's cut-and-paste data.

Apple has acquired Fleetsmith, a San Francisco-based company that specializes in solutions designed to help organizations manage the Apple devices used by their employees. Fleetsmith's enterprise device management solution automates setup, patching, intelligence and security for Macs, iPhones, iPads and Apple TV devices.

Tech companies like Amazon, Apple, Wells Fargo, Salesforce, and IBM have continued to hire in cities across the country despite the economic downturn. Amazon, Deloitte, Bloomberg, and Wells Fargo were all hiring widely for tech positions in New York city.

Apple kicked off its 2020 Worldwide Developers Conference on Monday - a virtual event due to the current coronavirus pandemic - and announced several new privacy features coming to its products. The new iOS 14 will allow iPhone users to only share an approximate location with the apps they are using rather than giving them access to precise location data.

During WWDC 2020 on Monday, the world's most valuable company announced the next versions of its operating systems - iOS 14 for iPhones, iPadOS 14 for iPads, watchOS 7 for Apple Watches, and macOS Big Sur for MacBooks - with new features and enhancements. What's important is that the company also highlighted a few new security and privacy features that have been added to the upcoming iOS 14 and macOS Big Sur systems, categorically aiming to help users:better control which apps installed on their devices can access their data,.