Security News
Apple has just blasted out 11 email advisories detailing its most recent raft of security fixes. For each patched bug, Apple lists its possible impact, so we filtered all the Impact: lines out of the 11 different advisories to give you an idea of the range of different issues fixed, which came to 41 in all.
Apple this week released security updates to address over fifty vulnerabilities impacting macOS and Safari. Eighteen of these vulnerabilities are specific to macOS Catalina, but many impact macOS High Sierra and macOS Mojave as well, and patches were released for those platform iterations too.
Those apps must be contact tracing apps from public health authorities. Each day, phones running an app that uses the API will download a list of beacons from phones whose users have tested positive for the virus.
The FBI said on Monday that it figured out how to unlock the iPhones of the shooter who killed three young US Navy students and injured eight at a Pensacola, Florida naval base in December 2019. "Thanks to the great work of the FBI - and no thanks to Apple - we were able to unlock Alshamrani's phones."
Bluetooth has had its fair share of security scares, too, not least because one end of a Bluetooth connection is often a low-cost, low-power, low-budget device that doesn't have a lot of budget or processing power available for cryptography and security. The one-time LTK then generates a session key for that connection, as usual - this makes it compatible with existing Bluetooth devices - so that the cryptographic security of each connection stands on its own.
The US Department of Justice is once again taking Apple to task for not cooperating with device decryption requests, even after it announced that it had retrieved information from a pair of iPhones without Cupertino's help. "Thanks to the great work of the FBI - and no thanks to Apple - we were able to unlock Alshamrani's phones," said Attorney General Barr.
In a paper [PDF] entitled "MagicPairing: Apple's Take on Securing Bluetooth Peripherals," Dennis Heinze, Jiska Classen, and Felix Rohrbach observe that Apple's MagicPairing protocol overcomes two shortcomings of Bluetooth device pairing: poor scalability and a security model that collapses if the permanent key - the Link Key or Long-Term Key - gets compromised. The paper says that Apple's MagicPairing implementations in iOS and macOS contain a number of spelling mistakes in logging messages and, for the macOS Bluetooth daemon bluetoothd, function names.
"Healthy Together" app uses a raft of location data, including GPS, cell tower triangulation and Bluetooth, to pinpoint users and ID coronavirus hotspots. The state of Utah has settled on a contact-tracing mobile app that collects detailed user location information to track the spread of COVID-19 among citizens - eschewing the API model proposed by Apple and Google in April.