Security News

Massive ad-fraud op dismantled after hitting millions of iOS devices
2023-01-21 15:06

A massive ad fraud operation dubbed 'Vastflux' that spoofed more than 1,700 applications from 120 publishers, mostly for iOS, has been disrupted by security researchers at cybersecurity company HUMAN. The operation's name was derived from the VAST ad-serving template and the "Fast flux" evasion technique used to conceal malicious code by rapidly changing a large number of IP addresses and DNS records associated with a single domain. The research team at HUMAN discovered Vastflux while investigating a separate ad fraud scheme.

Apple patches everything, finally reveals mystery of iOS 16.1.2
2022-12-14 21:11

Apple has just published a wide range of security fixes for all its supported platforms, from the smallest watch to the biggest laptop. In other words, if you've got an Apple product, and it's still officially supported, we urge you to do an update check now.

Apple security update fixes new iOS zero-day used to hack iPhones
2022-12-13 20:48

In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. In October, Apple fixed a zero-day in the iOS Kernel.

Apple pushes out iOS security update that’s more tight-lipped than ever
2022-12-02 21:02

It's just under a month since iOS 16.1.1 came out for Apple iPhone users, fixing a pair of bugs that were listed with the worrying words "a remote user may be able to cause unexpected app termination or arbitrary code execution". Now, there's another security update, apparently moving iPhone users only up to version iOS 16.1.2.

Android and iOS apps with 15 million installs extort loan seekers
2022-11-30 13:00

Over 280 Android and iOS apps on the Google Play and the Apple App stores trapped users in loan schemes with misleading terms and employed various methods to extort and harass borrowers. [...]

Microsoft Defender network protection generally available on iOS, Android
2022-11-11 20:01

Microsoft announced that the Mobile Network Protection feature is generally available to help organizations detect network weaknesses affecting Android and iOS devices running Microsoft's Defender for Endpoint enterprise endpoint security platform.Once Mobile Network Protection is toggled, MDE will provide protection and alerts when rogue Wi-Fi-related threats and certificates are detected.

U.S. govt employees exposed to mobile attacks from outdated Android, iOS
2022-11-02 15:11

According to a new report, almost half of Android-based mobile phones used by U.S. state and local government employees are running outdated versions of the operating system, exposing them to hundreds of vulnerabilities that can be leveraged for attacks. The report additionally warns of a rise in all threat metrics, including attempted phishing attacks against government employees, reliance on unmanaged mobile devices, and liability points in mission-critical networks.

Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri
2022-10-27 10:15

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "An app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements.

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!
2022-10-25 18:03

The "Clear-and-present danger" prize goes to iOS and iPadOS, which get updated to version 16.1 and 16 respectively, where one of the listed security vulnerabilites allows kernel code execution from any app, and is already actively being exploited. As you might have assumed, given that the release of Ventura takes macOS to version 13, three-versions-ago macOS 10 Catalina doesn't appear in the list this time.

Apple fixes exploited iOS, iPadOS zero-day (CVE-2022-42827)
2022-10-25 08:44

For the ninth time this year, Apple has released fixes for a zero-day vulnerability exploited by attackers to compromise iPhones. CVE-2022-42827 is an out-of-bounds write issue in the iOS and iPadOS kernel, which can be exploited to allow a malicious application to execute arbitrary code with kernel privileges.