Security News

iOS 14 and iPadOS 14 Patch Vulnerabilities, Introduce New Privacy Features
2020-09-18 03:40

Apple has patched nearly a dozen vulnerabilities and it has introduced new privacy features with the release of iOS 14 and iPadOS 14 this week. The issues could result in applications causing a system crash or writing kernel memory, identifying other installed applications, leaking user information, or accessing restricted files; may allow attackers to download malicious content, execute arbitrary code, or view notification contents from the lockscreen; may lead to arbitrary code execution or a cross-site scripting attack; may allow a user to read kernel memory; or could result in the screen lock not engaging after the specified time period.

Apple will release iOS 14 without this privacy feature: What iPhone users and developers need to know
2020-09-04 23:07

The iOS 14, iPadOS 14, and tvOS 14 anti-tracking feature is on hold until early 2021 to give developers time to make the necessary changes, according to Apple. Apple released iOS 14 without a new anti-tracking feature.

Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
2020-09-01 00:40

Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.

Attackers Actively Targeting Cisco IOS XR Vulnerability
2020-08-31 13:47

Cisco over the weekend published information on a vulnerability in the IOS XR software that could be exploited to cause a denial of service condition. Cisco has warned that attackers are already attempting to exploit the vulnerability.

Facebook Hits Back At Apple’s iOS 14 Privacy Update
2020-08-27 16:10

Facebook is lambasting an upcoming Apple mobile operating system privacy update, which requires application to ask users for permission before collecting and sharing their data. In the iOS 14 update, Apple iPhone and iPad users have an explicit option to opt out of allowing apps to collect data using the Apple device identifier.

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
2020-08-26 09:31

Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK, with the first version of the malicious SDK dating back to July 17, 2019. Hijack User Ad Clicks Stating that the SDK contains several anti-debug protection intending to hide the actual behavior of the application, Snyk uncovered evidence that Mintegral SDK not only intercepts all the ad clicks within an app but also use this information to fraudulently attribute the click to its ad network even in cases where a competing ad network has served the ad. It's worth noting that apps that feature in-app ads include SDKs from multiple ad networks with ad mediators' help.

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
2020-08-25 10:54

Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK, with the first version of the malicious SDK dating back to July 17, 2019. Hijack User Ad Clicks Stating that the SDK contains several anti-debug protection intending to hide the actual behavior of the application, Snyk uncovered evidence that Mintegral SDK not only intercepts all the ad clicks within an app but also use this information to fraudulently attribute the click to its ad network even in cases where a competing ad network has served the ad. It's worth noting that apps that feature in-app ads include SDKs from multiple ad networks with ad mediators' help.

Malicious Behavior Allegedly Found in Advertising SDK Used by 1,200 iOS Apps
2020-08-24 16:27

Researchers at developer security company Snyk claim to have identified malicious behavior in an advertising SDK that is present in more than 1,200 iOS applications offered in the Apple App Store. Snyk says it has only identified the malicious behavior in iOS versions of the Mintegral advertising SDK; the code does not appear to be present in Android versions.

Malicious iOS SDK breaches user privacy for millions
2020-08-24 12:47

According to Snyk, SourMint actively performed ad fraud on hundreds of iOS apps and brought with it major privacy concerns to hundreds of millions of consumers. On the surface, the MintegralAdSDK posed as a legitimate advertising SDK for iOS app developers, but its malicious code appeared to commit ad attribution fraud by secretly accessing link clicking activity within thousands of iOS apps that use the SDK. SourMint also spied on user link click activity, improperly tracking requests performed by the app and reporting it back to Mintegral's servers.

Verimatrix unveils anti-tamper tech to protect Bitcode-enabled iOS apps
2020-08-06 01:30

Verimatrix announced new protection for Bitcode-enabled iOS applications. Publishing an app to Apple's App Store with Bitcode enabled allows Apple to optimize the app's code for each target device.