Security News

Microsoft has announced new and improved capabilities for enterprise security teams that use Microsoft Defender for Endpoint on Android and iOS and Microsoft threat and vulnerability management APIs. Microsoft Defender for Endpoint - a cloud-powered enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats - now has a new mobile app that makes it easier for users to see whether their Microsoft Tunnel VPN connection is operational, web protection is on, and the apps on their mobile devices are potentially dangerous.

Apple previewed new privacy protections in iOS 15, iPadOS 15, macOS Monterey, and watchOS 8, which help users better control and manage access to their data. With App Privacy Report, users can see how often each app has used the permission they've previously granted to access their location, photos, camera, microphone, and contacts during the past seven days.

Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS. The flaw, tracked as CVE-2021-30724, was discovered by Trend Micro researcher Mickey Jin, and it was patched by Apple on May 24 with the release of macOS 11.4, iOS 14.6 and iPadOS 14.6. The vulnerability, caused by an out-of-bounds memory access issue, can allow a local attacker to elevate privileges by sending specially crafted requests.

Well, SophosLabs researchers have just published a report entitled Fake Android and iOS apps disguise as trading andcryptocurrency apps, and it seems that some investment scammers are taking a similar sort of approach. If you've gone to all the trouble of building an imposter website that looks like a genuine online currency trading business, and a fake app that is believable enough to pass muster as belonging to someone else's brand.

Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them - and so far only 15 per cent worldwide have done so. One of its new features is enforcement of what Apple calls AppTrackingTransparency, which means that apps must request permission from the user before tracking them or accessing the Apple device identifier.

Documents submitted in a court case involving Apple revealed that the XcodeGhost malware discovered in 2015 impacted 128 million iOS users. The published emails show exchanges between Apple employees, including executives, discussing the XcodeGhost incident and the steps the company should take in response.

As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named 'Mouse Trap,' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration."

Apple's problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and macOS devices. News of the latest compromise was included in a one-line mention in an advisory from Apple that documents fixes for a pair of WebKit security flaws that have been exploited on both iPhones and macOS computers.

Apple on Monday patched security flaws in its software said to have been exploited in the wild by miscreants to hijack gear. WebKit, fixed in macOS Big Sur 11.3.1, can be tricked into executing arbitrary code by processing malicious web content - a bad webpage can take over the browser, in other words.

Today, Apple has released security updates that fix two actively exploited iOS zero-day vulnerabilities in the Webkit engine used by hackers to attack iPhones, iPads, iPods, macOS, and Apple Watch devices. "Apple is aware of a report that this issue may have been actively exploited," the company said in multiple security advisories published today.