Security News

In an interview with The Hacker News, Bhavuk Jain revealed that the vulnerability he discovered resided in the way Apple was validating a user on the client-side before initiating a request from Apple's authentication servers. Bhavuk found that though Apple asks users to log in to their Apple account before initiating the request, it was not validating if the same person is requesting JSON Web Token in the next step from its authentication server.

In an interview with The Hacker News, Bhavuk Jain revealed that the vulnerability he discovered resided in the way Apple was validating a user on the client-side before initiating a request from Apple's authentication servers. Bhavuk found that though Apple asks users to log in to their Apple account before initiating the request, it was not validating if the same person is requesting JSON Web Token in the next step from its authentication server.

Apple has alerted users about a bunch of security fixes for its software on supported versions of macOS that you ought to install as soon as you can. The SSLab trio also found CVE-2020-9801 in Safari that can be exploited by malware already running on a Mac to force the browser to open another application.

Apple has alerted users about a bunch of security fixes for its software on supported versions of macOS that you ought to install as soon as you can. The SSLab trio also found CVE-2020-9801 in Safari that can be exploited by malware already running on a Mac to force the browser to open another application.

The latest Naked Security podcast is out now!

Roberto Escobar's company has reportedly filed a $2.6 billion lawsuit against Apple for purportedly having lame-o security - security so bad, his address purportedly got leaked through FaceTime and has led to subsequent assassination attempts. According to TNW and TMZ, former accountant and co-founder of the Medellín drug cartel Roberto Escobar, brother to the now deceased drug kingpin Pablo Escobar, is claiming that his iPhone X nearly killed him.

Apple has just blasted out 11 email advisories detailing its most recent raft of security fixes. For each patched bug, Apple lists its possible impact, so we filtered all the Impact: lines out of the 11 different advisories to give you an idea of the range of different issues fixed, which came to 41 in all.

Apple this week released security updates to address over fifty vulnerabilities impacting macOS and Safari. Eighteen of these vulnerabilities are specific to macOS Catalina, but many impact macOS High Sierra and macOS Mojave as well, and patches were released for those platform iterations as well.

Those apps must be contact tracing apps from from public health authorities. Each day, phones running an app that uses the API will download a list of beacons from phones whose users have tested positive for the virus.

The FBI said on Monday that it figured out how to unlock the iPhones of the shooter who killed three young US Navy students and injured eight at a Pensacola, Florida naval base in December 2019. Thanks to the great work of the FBI - and no thanks to Apple - we were able to unlock Alshamrani's phones.