Security News

In organizations, Apple's App Privacy data can start a conversation about privacy-respecting apps as well as help IT leaders stop the use of apps that collect more data than necessary. For more details, see: How Apple's new App Store privacy requirements may affect users and app developers.

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al Araby TV were infected with Pegasus malware via a now-fixed flaw in Apple's iMessage.

In this episode, we dig into research that figured out a way to steal data from iPhones wirelessly; we tell the fascinating story of how environmentalist divers in Germany came across an old Enigma cipher machine at the bottom of the Baltic sea; and we give you advice on how to talk to phone scammers. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

A Google security guru has published details of a critical hole in Apple's iOS that can be exploited by miscreants to hijack strangers' iPhones over the air without any user interaction. On Tuesday, Google Project Zero's Ian Beer, who reported the flaw to Apple back on November 29, 2019, published a detailed technical account of how he found and developed an exploit the vulnerability, which he likened to a magic spell to gain remote control of the target device.

Oh, and exploits were wormable­ - meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. Beer's attack worked by exploiting a buffer overflow bug in a driver for AWDL, an Apple-proprietary mesh networking protocol that makes things like Airdrop work.

The exploit sequence he figured out really does allow an attacker to break into a nearby iPhone and steal personal data - using wireless connections only, and with no clicks needed by, or warnings shown to, the innocently occupied user of the device. To give you an idea of just how much effort went into the 5-minute "Teddy bear's data theft picnic" video above, and as a fair warning if you are thinking of studying Beer's excellent article in detail, bear in mind that his blog post runs to more than 30,000 words - longer than the novel Animal Farm by George Orwell, or A Christmas Carol by Charles Dickens.

Details tied to a stunning iPhone vulnerability were disclosed by noted Google Project Zero researcher Ian Beer. Until now, were known about the bug that could have allowed a threat actor to completely take over any iPhone within a nearby vicinity.

Google Project Zero has disclosed the details of an iOS exploit that allows an attacker to hack iPhones remotely over Wi-Fi and steal sensitive data, without any user interaction. According to Beer, the exploit leverages a single memory corruption vulnerability that can be used against an iPhone 11 Pro device to bypass mitigations and achieve native code execution and kernel memory reading and writing.

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "Wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "View all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time," said Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly. "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory," the iPhone maker noted in its advisory, adding the "Memory corruption issue was addressed with improved input validation."

If you migrated to a different iPhone or Android device and need to transfer Google Authenticator to the new hardware, follow these steps.