Security News
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.
Cisco over the weekend published information on a vulnerability in the IOS XR software that could be exploited to cause a denial of service condition. Cisco has warned that attackers are already attempting to exploit the vulnerability.
Facebook is lambasting an upcoming Apple mobile operating system privacy update, which requires application to ask users for permission before collecting and sharing their data. In the iOS 14 update, Apple iPhone and iPad users have an explicit option to opt out of allowing apps to collect data using the Apple device identifier.
Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK, with the first version of the malicious SDK dating back to July 17, 2019. Hijack User Ad Clicks Stating that the SDK contains several anti-debug protection intending to hide the actual behavior of the application, Snyk uncovered evidence that Mintegral SDK not only intercepts all the ad clicks within an app but also use this information to fraudulently attribute the click to its ad network even in cases where a competing ad network has served the ad. It's worth noting that apps that feature in-app ads include SDKs from multiple ad networks with ad mediators' help.
Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK, with the first version of the malicious SDK dating back to July 17, 2019. Hijack User Ad Clicks Stating that the SDK contains several anti-debug protection intending to hide the actual behavior of the application, Snyk uncovered evidence that Mintegral SDK not only intercepts all the ad clicks within an app but also use this information to fraudulently attribute the click to its ad network even in cases where a competing ad network has served the ad. It's worth noting that apps that feature in-app ads include SDKs from multiple ad networks with ad mediators' help.
Researchers at developer security company Snyk claim to have identified malicious behavior in an advertising SDK that is present in more than 1,200 iOS applications offered in the Apple App Store. Snyk says it has only identified the malicious behavior in iOS versions of the Mintegral advertising SDK; the code does not appear to be present in Android versions.
According to Snyk, SourMint actively performed ad fraud on hundreds of iOS apps and brought with it major privacy concerns to hundreds of millions of consumers. On the surface, the MintegralAdSDK posed as a legitimate advertising SDK for iOS app developers, but its malicious code appeared to commit ad attribution fraud by secretly accessing link clicking activity within thousands of iOS apps that use the SDK. SourMint also spied on user link click activity, improperly tracking requests performed by the app and reporting it back to Mintegral's servers.
Verimatrix announced new protection for Bitcode-enabled iOS applications. Publishing an app to Apple's App Store with Bitcode enabled allows Apple to optimize the app's code for each target device.
Check out a developer's picks of 10 essential iOS apps, which focus on security, productivity, and more. Over the past 13 years, as iPhones and iPads have become fixtures in more users' lives, the number of apps and the Apple App Store ecosystem have expanded to offer services and apps that iOS users rely on each day.
Apple has released a fresh batch of software security updates for its flagship devices. For iOS and iPadOS the 13.6 update includes fixes for 29 CVE-listed vulnerabilities, 10 involving arbitrary code execution.