Security News
The US Department of Justice is once again taking Apple to task for not cooperating with device decryption requests, even after it announced that it had retrieved information from a pair of iPhones without Cupertino's help. "Thanks to the great work of the FBI - and no thanks to Apple - we were able to unlock Alshamrani's phones," said Attorney General Barr.
The US Department of Justice is once again taking Apple to task for not cooperating with device decryption requests, even after it announced that it had retrieved information from a pair of iPhones without Cupertino's help. "Thanks to the great work of the FBI - and no thanks to Apple - we were able to unlock Alshamrani's phones," said Attorney General Barr.
In this episode, Duck discusses the iPhone "Word of death", Peter shares a shocking ransomware story and I talk about a chatbot that shows empathy. Host Anna Brading is joined by Naked Security regular Paul Ducklin, threat response expert Peter Mackenzie and me.
A weird combination of Unicode characters that make up a nonsense word can crash your iPhone, apparently by confusing the iOS operating system when it tries to figure out how to display the "Word". We don't know how to read Arabic writing, or indeed the text of any Semitic language, but we do know that the writing systems of these languages generally differ from most European languages.
Apple devices are vulnerable to a "Text bomb" attack where simply looking at messages or posts containing characters in the Sindhi language can crash devices. The problem occurs in a number of different scenarios, including if the character string shows up in a text message - in fact, just looking at a message notification containing a message preview will crash the system.
Attackers would need a secondary kernel-level vulnerability to get system-level control and thereby to escape from the strictures of the vulnerable app. Of course, email apps typically contain plenty of juicy data all of their own, so a double-vulnerability compromise of the email app alone is still a worthwhile result for any attacker.
A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. Watering Holes Attacks Targeting Uyghur Websites The malware campaign previously exploited as many as 14 vulnerabilities spanning from iOS 10 all the way through iOS 12 over a period of at least two years via a small collection of malicious websites that were used as a watering hole to hack into the devices.
A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. Watering Holes Attacks Targeting Uyghur Websites The malware campaign previously exploited as many as 14 vulnerabilities spanning from iOS 10 all the way through iOS 12 over a period of at least two years via a small collection of malicious websites that were used as a watering hole to hack into the devices.
Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say...
The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.