Security News

Apple Patches Two iOS Zero-Days Abused for Years
2020-04-22 19:00

Researchers are reporting two Apple iOS zero-day security vulnerabilities affecting its Mail app on iPhones and iPads. Impacted are iOS 6 and iOS 13.4.1.

Zoom Kills iOS App’s Data-Sharing Facebook Feature
2020-03-30 19:27

Zoom has removed a feature in its iOS web conferencing app that was sharing analytics data with Facebook, after a report revealing the practice sparked outrage. In a Friday post, Zoom said that it has now removed the "Login with Facebook" software development kit for iOS, which was the feature tied to the data sharing: "Our customers' privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our iOS client, and have reconfigured the feature so that users will still be able to log in with Facebook via their browser," according to Eric Yuan, founder of Zoom.

Apple’s iOS 13.4 hit by VPN bypass vulnerability
2020-03-30 13:43

Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version. A VPN app should open a private connection to a dedicated server through which all internet traffic from the device is routed before being forwarded to the website or service someone is accessing.

Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
2020-03-27 14:43

Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device's IP address, exposing it for a limited window of time. "Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," researchers explained in a technical analysis of the flaw.

No Patch for VPN Bypass Flaw Discovered in iOS
2020-03-26 19:55

Proton Technologies, the company behind the privacy-focused ProtonMail and ProtonVPN services, this week disclosed the existence of a vulnerability in Apple's iOS mobile operating system that prevents VPN applications from encrypting all traffic. When a VPN is used, the device's operating system should close all existing internet connections and reestablish them through a VPN tunnel to protect the user's data and privacy.

Spyware Delivered to iPhone Users in Hong Kong Via iOS Exploits
2020-03-26 16:14

A recently observed campaign is attempting to infect the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to take over devices, Trend Micro reports. The attack involved the use of malicious links posted on forums popular in Hong Kong, which led users to real news sites where a hidden iframe would load and run malware.

Apple iOS 13.4 offers fixes for 30 vulnerabilities
2020-03-26 09:20

Apple has just announced its latest something-for-everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS. In terms of security, the attention grabber is iOS/iPad 13.4, which fixes 30 CVEs. As usual, the WebKit browser engine and Safari gave Apple plenty to fix, all but one of which were found by sources outside the company, including an arbitrary code execution flaw, CVE-2020-3899, credited to Google's open source fuzzing tool, OSS-Fuzz.

Apple Update Fixes WebKit Flaws in iOS, Safari
2020-03-25 21:07

Apple has released a slew of patches across its iOS and macOS operating systems, Safari browser, watchOS, tvOS and iTunes. Of the CVEs disclosed, 30 affected Apple's iOS, 11 impacted Safari and 27 affected macOS. Users, for their part, are urged to update to iOS 13.4, Safari 13.1 and macOS Catalina 10.15.3.

Stuck inside with nothing to do? Apple fires out security fixes for iOS, macOS, wrist-puters... and something weird called iTunes for Windows
2020-03-25 06:57

Apple has emitted a bundle of security fixes ranging across its product lines. For the flagship iOS, the 13.4 update includes fixes for 30 security holes.

Apple’s iOS pasteboard leaks location data to spy apps
2020-02-26 16:28

Now an app developer called Mysk has discovered pasteboard's dark side - malicious apps could exploit it to work out a user's location even when that user has locked down app location sharing. In the simplest scenario, an iPhone user would take a photo, copy it between apps using the pasteboard, from which a malicious app could extract location metadata while comparing it with timestamps to determine whether it was current or taken in the past.