Security News

The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.

One of the Android apps we identified last year, for example, was a QR code reader that was little different from the one already built into your phone's camera app that went for a whopping €104.99 even if you uninstalled the app straight after trying it and never used it again. Many of the fleeceware apps we see are advertised within the App Store as "Free" apps, which puts the apps at odds with section 2.3.2 of the App Store Review Guidelines, which require developers to make sure their "App description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases."

Independent security researcher Ryan Pickren has revealed how a malicious website could hack Apple's Safari browser on iOS and macOS to spy on the user through the computer's camera without prompting for permission. Apple fixed the issues with Safari 13.1, crediting Pickren for three bug reports in the patch release notes.

Turns out merely visiting a website - not just malicious but also legitimate sites unknowingly loading malicious ads as well - using Safari browser could have let remote attackers secretly access your device's camera, microphone, or location, and in some cases, saved passwords as well. "If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom," Pickren said.

How to set up an Android phone as your security key for your Google account. Set up two-step verification for your Google account through your phone or a computer by signing into the webpage for your Google account.

A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky, the "Operation Poisoned News" attack leverages a remote iOS exploit chain to deploy a feature-rich implant called 'LightSpy' through links to local news websites, which when clicked, executes the malware payload and allows an interloper to exfiltrate sensitive data from the affected device and even take full control.

A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong - infecting website visitors with a newly developed custom surveillance malware. Despite the deep level of surveillance afforded by the malware, researchers said that the campaign doesn't appear to be a targeted effort, apart from focusing on Hong Kong residents.

A recently observed campaign is attempting to infect the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to take over devices, Trend Micro reports. The attack involved the use of malicious links posted on forums popular in Hong Kong, which led users to real news sites where a hidden iframe would load and run malware.

Five high-severity bugs were fixed in the Firefox web browser with the release of version 74 by the Mozilla Foundation on Tuesday. In total, 12 bugs were patched with six rated as moderate severity and one low-severity bug.

The really bad news is the CPU row, which has only three green squares, and tells you that the Sandcastle builds will only work on iPhone 7 devices for now. If you happen to have a surplus-to-requirements iPhone 7 lying around, and you decide to give this Android thing a spin please let us know in the comments how you got along.