Security News

Google and Apple unveiled a joint initiative Friday to develop a coronavirus smartphone "Contact tracing" tool that could potentially alert people when they have crossed paths with an infected person. "All of us at Apple and Google believe there has never been a more important moment to work together to solve one of the world's most pressing problems," the companies said in a joint statement.

Despite the companies' insistence that privacy will be "Of utmost importance," some in the security space remain wary of data privacy concerns around the newly announced technology. Many such coronavirus tracking apps are already available, such as COVID Symptom Tracker and Private Kit SafePaths.

Researchers are warning iPhone users of fleeceware apps after finding more than 30 examples of them on Apple's App Store. Many of these fleeceware apps come in the form of image editors, horoscope apps, QR code or barcode scanners, and face filter apps targeted at younger generations.

Independent security researcher Ryan Pickren has revealed how a malicious website could hack Apple's Safari browser on iOS and macOS to spy on the user through the computer's camera without prompting for permission. Apple fixed the issues with Safari 13.1, crediting Pickren for three bug reports in the patch release notes.

To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link. Security researcher Ryan Pickren has revealed details on seven flaws in Safari, including three that could be used in a kill chain to access victims' webcams.

There's been a bit of a buzz in the news lately over an "Epic new feature" in the next Apple iPad model - the one that's supposed to come out this year. A real-life, break-in-the-wire(ish) microphone switch so that you can be sure that your iPad really isn't recording you while you're in your car or sitting around at home.

One way to ensure this is to update your Apple systems automatically and to have the App Store automatically update your apps as well. I'll explain how to keep iOS and macOS devices and apps up-to-date without lifting a finger when new updates are available.

A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS. Researcher Ryan Pickren identified a total of seven vulnerabilities in Apple's Safari web browser, three of which can be exploited to spy on users through the camera and microphone of their iPhone, iPad or Mac computer. Apple patched the vulnerabilities that allow hackers to spy on users in January, while the other flaws were fixed in March.

Apple's latest update to macOS Catalina appears to have broken SSH for some users. The issue is that under Apple's macOS 10.15.4 update, released on March 24, trying to open a SSH connection to a port greater than 8192 using a server name, rather than an IP address, no longer works - for some users at least.

Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version. A VPN app should open a private connection to a dedicated server through which all internet traffic from the device is routed before being forwarded to the website or service someone is accessing.