Security News

Qualys announced it is expanding Qualys VMDR to mobile devices with support for Android and iOS/iPadOS delivering an end-to-end solution for mobile device security. Qualys' all-in-one VMDR provides in-depth mobile device visibility, data security insights, proactive posture monitoring, and automated response for all iOS and Android devices and installed apps - just like VMDR does for on premises, endpoints, clouds, containers, OT and IoT assets.

Facebook has created a new screen in its iOS app that will urge people to allow it to continue stalking their online activities for targeted advertising. This is in response to Apple preparing to introduce a prompt that asks users whether or not they want to grant Facebook's software permission to track them when they use other apps and websites.

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a Google Project Zero researcher tasked with studying zero-day vulnerabilities in hardware and software systems.

In an effort to prevent attacks from being launched via its iMessage feature, Apple has debuted a security service called BlastDoor in iOS 14, its current mobile operating system version. The service comes on the heels of a recently uncovered iMessage zero-click exploit, which was being leveraged in an espionage attack against Al Jazeera journalists and executives.

Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs are part of a security update released Tuesday for iOS 14.4 and iPadOS 14.4.

Apple has release a new batch of security updates and has fixed three iOS zero-days that "May have been actively exploited" by attackers. Two of the zero-day vulnerabilities are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running a vulnerable version of iOS or iPadOS. The third zero-day affects the operating systems' kernel.

Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. The iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.

Apple today released software updates to patch vulnerabilities in iPhones and iPads that may have been exploited by miscreants to silently snoop on victims from afar. Apple said it is "Aware of a report that this issue may have been actively exploited." How would one inject malicious code into a device? Look no further than.... CVE-2021-1871, CVE-2021-1870: Also fixed in iOS 14.4 and iPadOS 14.4, a logic bug in WebKit that can be exploited by a malicious webpage - opened in, say, Safari - to execute arbitrary code.

Apple on Tuesday dropped emergency security patches for its flagship iOS and iPad OS platforms alongside a warning that hackers may already be exploiting three different security vulnerabilities. Apple has promised additional details will be available soon.

A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection. Dubbed LuckyBoy, the multi-stage, tag-based campaign is focused on iOS, Android, and Xbox users.