Security News
Apple says it's going to upgrade the cryptographic protocol used by iMessage to hopefully prevent the decryption of conversations by quantum computers, should those machines ever exist in a meaningful way. The protocol, dubbed PQ3, is intended to safeguard users' chats in some future era of quantum computing, when these computers may be able to break classical encryption methods and render today's messaging security obsolete.
Two Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth more than $3 million to Apple with the goal of having them replaced with genuine devices. Apple offers a one-year warranty for new iPhones, enabling customers to return malfunctioning devices to Apple or authorized resellers for a replacement.
Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023.The backdoor codenamed “RustDoor” by Bitdefender, has been found to impersonate an update for Microsoft Visual Studio and target both Intel and Arm architectures.
A screenshot of the fake LastPass app in the Apple App store. "Upon seeing the fake 'LassPass' app in the Apple App store, LastPass immediately began a coordinated and multi-faceted approach across our threat intelligence, legal and engineering teams to get the fraudulent app removed," Christofer Hoff, chief secure technology officer for LastPass, told The Register Thursday.
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. As LastPass is used to store very sensitive information, such as authentication secrets and credentials, the app was likely created to act as a phishing app and steal credentials.
A fraudulent app named "LassPass Password Manager" that mimics the legitimate LastPass mobile app can currently be found on Apple's App Store, the password manager maker is warning. "The app in question is called 'LassPass Password Manager' and lists Parvati Patel as the developer. The app attempts to copy our branding and user interface, though close examination of the posted screenshots reveal misspellings and other indicators the app is fraudulent," says Mike Kosak, Senior Principal Intelligence Analyst at LastPass.
While Apple isn't explicitly named in the recently unsealed court papers, it's not difficult to deduce that the identity of "Company A," as written in the indictment, is the consumer tech megacorp. Looking deeper into the case background, it's also revealed that one of the defendants redeemed one of the stolen gift cards to their personal app store account, where they purchased Final Cut Pro - software developed by Apple that only runs on Apple hardware.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities...
In order to comply with the European Union's Digital Markets Act, Apple announced on Jan. 25 changes to its payment system for app sellers in the EU, and that it was letting go of the hold its App Store has over iOS app distribution in the EU. As well as the App Store changes, Apple will prompt iOS users in the EU to select a preferred browser instead of defaulting to Safari in accordance with the DMA. These changes will come with iOS 17.4 in the EU in March. In response, Apple built new options for iOS, Safari on iOS, the App Store and developer app analytics.
A US court has rejected spyware vendor NSO Group's motion to dismiss a lawsuit filed by Apple that alleges the developer violated computer fraud and other laws by infecting customers' iDevices with its surveillance software. Apple sued NSO, developer of the notorious Pegasus spyware, back in November 2021 and asked the court to permanently ban NSO from using any Apple software, services, or devices.