Security News

Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. The aim of the move is to improve website security by making sure devs use certs with the latest cryptographic standards, and to reduce the number of old, neglected certificates that could potentially be stolen and re-used for phishing and drive-by malware attacks.

A malicious email campaign aimed at iPhone owners is making the rounds this week, using a bouquet of different themes to scam victims, just in time for Valentine's Day - including a fake dating app. Once the email body is clicked, the victim is taken on "a seemingly endless redirect loop," until neuropathy is left far behind, and the victim lands on what purports to be a dating app for Apple's iPhone.

Apple has joined the FIDO Alliance, an organization that aims to help reduce the use of passwords by providing free and open authentication standards. Nok Nok Labs, inventor of the FIDO specifications and a founding member of the FIDO Alliance, announced on Wednesday that Apple has not only become a member, but that it has also taken a leadership role as a board member.

Malicious software targeting users of Apple Macs has leapt over the last year, the security outfit said in its latest State of Malware report. Describing this as an "Exponential" increase, the firm said that detections of nasties targeted against innocent Apple fanbois were up 400 per cent year-on-year, while adding the caveat that its Mac userbase had also grown a bit.

The X-Force Threat Intelligence Index 2020 found that hackers are targeting manufacturing plants, making banking trojans more sophisticated, and spoofing tech brands to make phishing schemes successful. IBM Security releases the IBM X-Force Threat Intelligence Index annually, summarizing the most prominent threats identified by research teams.

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking.

Apple engineers think they've come up with a simple way to make SMS two-factor authentication one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction. The concept proposed by the company's Safari WebKit team is that apps such as mobile browsers will automatically process SMS text codes as they are received, submitting them to the correct website.

The bug-hunters at Checkpoint have laid claim to the discovery and reporting of two serious, and now patched, security flaws in Microsoft Azure. Among the fixes are security updates for iOS and macOS, the two major operating systems from Cook and Co. While there aren't any massive risks posed by the patched flaws, users and admins should look to get the patches in place before malware writers begin to take aim at them.

Apple's latest security fixes, released Tuesday, tackle a wide range of bugs, including several patches for high-risk flaws that could allow for remote code execution. The fixes address vulnerabilities in Apple's Xcode, watchOS, Safari, iTunes for Windows, iOS, iPadOS, macOS and tvOS. The most severe of the bugs include four RCE flaws in Apple TV's operating system, tvOS - each rated high-severity.

Apple has just announced its latest round of security updates. There are plenty of critical holes patched in this raft of updates - so we strongly advise you to patch right away, before anyone figures out how to abuse these newly-documented holes for fun or profit.