Apple Archives - Page 4 of 8 - Cyber Security Minute

Snap’s Stock Drops as iPhone Privacy Controls Pinch Ad Sales

Issued by: Security Week

The revelation in Snap Inc.’s third-quarter earnings report sparked a sell-off in after-hours trading that could foreshadow one of the biggest one-day drops in the company’s stock since it went public in 2017. Snap’s shares plunged by nearly 22% in Thursday’s extended trading. If that decrease is mirrored in Friday’s regular trading session, it will…

Vulnerabilities

PoC Exploit Released for macOS Gatekeeper Bypass

Issued by: Security Week

The PoC exploit targets CVE-2021-1810, a vulnerability that can lead to the bypass of all three protections that Apple implemented against malicious file downloads, namely file quarantine, Gatekeeper, and notarization. This issue was found in the Archive Utility component of macOS Big Sur and Catalina and can be exploited using a specially crafted ZIP file….

Software Security

Apple Announces Delay of Child Protection Measures

Issued by: Security Week

The Silicon Valley giant had last month said iPhones and iPads would soon start detecting images containing child sexual abuse and reporting them as they are uploaded to its online storage in the United States. However, digital rights organizations quickly noted the tweaks to Apple’s operating systems create a potential “backdoor” into gadgets that could…

Vulnerabilities

Judge: Ex-CIA Worker Can Represent Himself in Espionage Case

Issued by: Security Week

U.S. District Judge Paul A. Crotty said in a written order that Joshua Schulte had shown that he was sure he wanted to act as his own lawyer. Schulte, 32, faces an October trial on charges that he leaked CIA secrets to WikiLeaks, which published materials in 2017 that revealed how the CIA hacked Apple…

Mobile Security

Apple Warns EU Law ‘Risks Destroying iPhone Security’

Issued by: Security Week

The European Union last year unveiled tough draft rules targeting tech giants like Apple, Google, Amazon and Facebook that could shake up the way Big Tech does business. Cook, speaking at the VivaTech convention for startups in Paris, took aim at some of the rules that target online “gatekeepers” such as Apple which controls which…

Mobile Security

XcodeGhost Malware Discovered in 2015 Impacted 128 Million iOS Users

Issued by: Security Week

The information was uncovered in emails provided recently as part of the antitrust trial between Epic Games and Apple. The game maker filed a lawsuit against the tech giant last year in a California court over its App Store practices, specifically related to Apple removing Epic’s hit game, Fortnite, from the App Store for allegedly…

Application Security

Apple Patches Under-Attack iOS Zero-Day

Issued by: Security Week

The new iOS 14.4.2 was released on Friday with yet another band-aid for Apple’s flagship iOS platform and the company said it was “aware of reports that an exploit for this issue exists in the wild.” As is customary, the company did not provide any additional details on the in-the-wild attacks. A brief advisory describes…

Mobile Security, Vulnerabilities

New Jailbreak Tool Works on Most iPhones

Issued by: Dark Reading

Unc0ver, a team of hackers behind the jailbreak tool, released a new tool that works on nearly every iPhone model and exploits a flaw that Apple reported was under active attack last month. The group says its new tool works on iOS 11 to iOS 14.3, which was rolled out in December 2020. It reportedly…

Malware & Threats

Attackers Already Targeting Apple’s M1 Chip with Custom Malware

Issued by: Dark Reading

The latest processor for Apple’s Macs — the M1 chip — has already become a target for malware authors, who have created Mac-specific binaries targeting the ARM64 architecture used by the processors, researchers said this week. For example, one MacOS malware downloader, dubbed Silver Sparrow, has a number of interesting properties, including the use of…

Mobile Security

Apple fixes three actively exploited iOS zero-days

Issued by: Help Net Security

Apple has release a new batch of security updates and has fixed three iOS zero-days that “may have been actively exploited” by attackers. The three zero-days Two of the zero-day vulnerabilities (CVE-2021-1870 and CVE-2021-1871) are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running…