Security News

Privacy advocates are urging developers to proceed with caution as they use technology released by Apple and Google to build COVID-19 contact-tracing apps - and are warning against the potential for cybercriminal use. "The apps built on top of Apple and Google's new system will not be a 'magic bullet' techno-solution to the current state of shelter-in-place," EFF staff technologist Bennet Cyphers and director of research Gennie Gebhart said, in a post on Tuesday on the organization's blog.

Germany on Sunday pulled an about-face regarding the best way to use smart phones to trace people's contacts with those infected by COVID-19, embracing a decentralized Bluetooth-based approach instead of the more invasive location tracking proposed in other approaches. Apple and Google first announced their contact tracing collaboration two weeks ago, on 10 April.

The UK has decided to break with growing international consensus and insist its upcoming coronavirus contact-tracing app is run through centralised British servers - rather than follow the decentralized Apple-Google approach. Within the details over how it would work, the memo revealed the NHS and UK government reckon the contact-tracing protocols built by Apple and Google protect user privacy under advisement only.

Further worse news is that an attack against Apple's latest version of iOS 13.x can occur while the app is open in the background and does not require interaction by the user to execute the code and compromise your device. Users who rely on Mail.app to handle emails should stop using the app until Apple releases the official 13.4.5 update to patch the vulnerability.

Apple and Google have revealed a little more about their plans to support COVID-19 contact-tracing apps and changed up some of their security plans. Apple and Google won't see the information ever.

Sophos XG Firewall hacked in the wild - hotfix available. Sophos has rushed out a hotfix for its XG Firewall products to close an SQL injection vulnerability - after hackers were spotted exploiting the hole in the wild.

Apple devices are vulnerable to a "Text bomb" attack where simply looking at messages or posts containing characters in the Sindhi language can crash devices. The problem occurs in a number of different scenarios, including if the character string shows up in a text message - in fact, just looking at a message notification containing a message preview will crash the system.

It started a couple days ago when a number of researchers and I'm probably gonna mispronounce the name of the security firm, ZecOps or something along those lines -I can never pronounce these names - But anyways, they found two zero days, or what they claimed are two zero days that are very, very troubling when described. Tom: Yeah, well, you know, Apple has gotten some support from the research community.

Apple has confirmed that its Mail application for iOS is affected by some vulnerabilities, but the tech giant has downplayed their impact and disputed claims that the flaws have been exploited in attacks. Cybersecurity automation company ZecOps reported on Wednesday that it had identified a couple of critical zero-day vulnerabilities in the Mail app for iOS. The flaws, which the company says have existed since the release of iOS 6 in 2012, can be exploited to execute arbitrary code in the context of the application by sending a specially crafted email to the targeted user.

Apple has pushed back against claims that two zero-day bugs in its iPhone iOS have been exploited for years, saying it's found no evidence to support such activity. Apple officials made the statement in response to a widely disseminated report published Wednesday by ZecOps, which claimed that two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads already had been exploited in the wild since 2018 by an "Advanced threat operator."