Apple’s new solution to combat child abuse imagery could radically shift encryption debate

Apple announced Thursday it will introduce a feature to detect child sexual abuse images being uploaded to iCloud Photos from iPhone devices in the United States. The company has framed the feature as a privacy-preserving way to combat the scourge of images of sexually explicit content involving children shared online. It’s a radical shift in approach to device privacy by Apple, which has often found itself at the forefront of the clash between tech companies and law enforcement over encrypted technologies. Security researchers and privacy experts say that the company’s decision could lead to a slippery slope of government abuse and has radically shifted the debate over encrypted technologies. “They’ve really changed the rules around what the debate around encryption is,” said Christopher Parsons, a senior research associate for Citizen Lab at the Munk School of Global Affairs and Public Policy at the University of Toronto. Most major cloud services including […]

The post Apple’s new solution to combat child abuse imagery could radically shift encryption debate appeared first on CyberScoop.

Apple issues security update for WebKit flaws

Apple released a series of security updates Monday to counter hackers actively exploiting two flaws affecting some later-generation iPhones, as well as a whole host of iPad and iPod models. The update includes a fix for one of the flaws, a memory corruption issue that would have allowed hackers to arbitrarily execute code on victim devices, Apple said. The other flaw that Apple fixed would have allowed external actors to execute arbitrary code, too. Both of the issues affected WebKit, Apple’s web browser engine. Apple acknowledged that there are reports that hackers have been exploiting both issues in the wild to hack victims’ devices. Apple does not identify which hackers have been taking advantage of the vulnerabilities. It’s just the latest vulnerability cleanup Apple has had to grapple with in the past several months. Last week Apple pushed a security update that addressed a logic bug that made it so hackers […]

The post Apple issues security update for WebKit flaws appeared first on CyberScoop.

Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed

“Snoop onto them… as they’d snoop onto us.” Moxie Marlinspike, founder of the encrypted messaging app Signal, revealed on Wednesday what he said were vulnerabilities in software that the company Cellebrite uses to break into encrypted phones. To accompany a blog post on what Marlinspike and his team of researchers learned, Signal produced a demonstration video featuring the above line of dialogue from the movie “Hackers.” In a blog post evidently dripping with sarcasm, Marlinspike detailed how he obtained the latest version of the company’s software, named UFED and Physical Analyzer, when he saw a small package fall off the back of a truck, prompting some digital probing. The vulnerabilities would amount to an ironic turn for Cellebrite, which makes its money hacking into smartphones. Its customer base includes the U.S. government and some authoritarian regimes, although the Israeli company recently announced it would stop doing business with Russia or […]

The post Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed appeared first on CyberScoop.

Apple releases patches for 3 iOS zero days that hackers used for targeted attacks

Apple has issued fixes for three critical bugs in its software for iPhones, iPads and iPods that could allow an attacker to burrow into the inner sanctum of a device’s operating system and steal data. The researchers who found the flaws said that attackers were actively exploiting them. Two of the bugs affect the kernel, the core of the device’s operating system which handles interactions between hardware and software. Apple users are protected if they update their software, which the company encouraged them to do on Thursday. Project Zero, Google’s team of security researchers that found the vulnerabilities, said hackers exploited the flaws in targeted attacks, but did not disclose the victims or perpetrators. Shane Huntley, of Google’s Threat Analysis Group, said the activity was not related to the U.S. election. Vulnerabilities in iPhone software are coveted by spies and criminals alike because of the popularity of the phones around the world, and the resources […]

The post Apple releases patches for 3 iOS zero days that hackers used for targeted attacks appeared first on CyberScoop.

Researcher claims $100,000 for ‘Sign in with Apple’ hack

The same login feature that Apple introduced last year to protect privacy could have been abused to hack into third-party applications on an iPhone, a security researcher has found. The discovery earned New Delhi-based programmer Bhavuk Jain $100,000, he said, highlighting the critical nature of the flaw and the big payouts Apple has been offering through a bug bounty program it expanded last year. Jain figured out how to generate a login token for an Apple ID and use it to access third-party apps with lax security. Manipulating the tokens at their source was all Jain needed to access the apps. The research comes a year after Apple unveiled the “Sign in with Apple” feature, which authenticates users on apps without disclosing their Apple IDs. Apple has touted it as a more privacy-conscious alternative to requiring users to log in to apps through their social media accounts. Jain did not detail […]

The post Researcher claims $100,000 for ‘Sign in with Apple’ hack appeared first on CyberScoop.

Hackers have been exploiting two zero-days to break into iPhones and iPads

A zero-day vulnerability in Apple’s Mail application for iOS has been used to target high-profile victims around the world for more than two years, according to ZecOps research published Wednesday. The flaw, which ZecOps uncovered through conducting a routine digital forensics and incident response investigation, is triggered by sending emails that consume a “significant amount” of a device’s memory. From there, hackers could gain access to email accounts via Mail, gaining the ability to leak, modify, or delete emails. If the attackers want to cause additional harm and gain further access to victim devices, it “would require an additional infoleak bug [and] a kernel bug afterwards,” the researchers write in a blog that details their findings. ZecOps assesses with “high confidence” that individuals at a U.S. company in the Fortune 500, managed security service providers from Saudi Arabia and Israel, an executive in Japan, a journalist in Europe, and a […]

The post Hackers have been exploiting two zero-days to break into iPhones and iPads appeared first on CyberScoop.

Researcher claims $75K payout from Apple for iPhone camera hack

Apple has paid a cybersecurity researcher $75,000 for a software exploit chain used to access an iPhone camera and microphone, the researcher said this week. They are the kind of invasive capabilities that a spyware vendor would drool over. But Ryan Pickren, an Atlanta-based white-hat hacker, worked with Apple’s bug bounty program to get them fixed. “I had some experience looking for bugs in [Apple’s web browser] Safari before they launched their bug bounty program,” Pickren told CyberScoop in an email, describing why he took on what he called “two weeks of intense research.” Pickren figured out how to trick a Safari browser into serving up malicious code to infiltrate the iPhone camera and steal browser passwords. He did it by abusing the trust the iPhone was placing in Safari websites — trust that the device didn’t place in non-native applications. The malicious Safari website offered Pickren and his chain of exploits direct access […]

The post Researcher claims $75K payout from Apple for iPhone camera hack appeared first on CyberScoop.

As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones

A new program in the App Store is promising to help users detect if outsiders are lurking on their device. The consulting firm Trail of Bits on Thursday announced iVerify, a toolkit meant to help users secure their accounts with a series of instructional guides. If the app works as intended, it also will scan iPhones for odd behavior that could prove it’s been hacked, like if other apps are transferring data in a way they shouldn’t be authorized. It’s available for $4.99 in the App Store, and is one of the first apps ever released in the marketplace meant to catch iPhone hacks, Motherboard reported. “It’s normally almost impossible to tell if your iPhone has been hacked, but our app gives you a heads-up,” the company said in a blog post. “iVerify periodically scans your device for anomalies that might indicate it’s been compromised, gives you a detailed report […]

The post As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones appeared first on CyberScoop.

Apple Releases iOS 12.4.1 Emergency Update to Patch ‘Jailbreak’ Flaw

Apple just patched an unpatched flaw that it patched previously but accidentally unpatched recently — did I confuse you?

Let’s try it again…

Apple today finally released iOS 12.4.1 to fix a critical jailbreak vulnerability, like it or not, that was…