iOS Archives - Page 2 of 5 - Cyber Security Minute

AWS Tokens Lurking in Android, iOS Apps Crack Open Corporate Cloud Data

Issued by: Dark Reading

Thousands of customer-facing Android and iOS mobile apps — including banking apps — have been found to contain hardcoded Amazon Web Services (AWS) credentials that would allow cyberattackers to steal sensitive information from corporate clouds. Symantec researchers uncovered 1,859 business apps that use hardcoded AWS credentials, specifically access tokens. Of these, three-quarters (77%) contain valid…

Mobile Security

New Open Source Tool Shows Code Injected Into Websites by In-App Browsers

Issued by: Security Week

Some mobile applications use built-in browsers to allow users to quickly access third-party websites. Other apps include a browser to load their own resources, which may be needed to perform various activities. However, these internal browsers could also pose security and privacy risks. Researcher Felix Krause published a blog post earlier this month claiming that…

Vulnerabilities

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)

Issued by: Help Net Security

Another month, another zero-day (CVE-2022-22620) exploited in the wild that has been fixed by Apple. About CVE-2022-22620 CVE-2022-22620 is a use after free issue in WebKit, the browser engine used in Safari and all iOS web browsers. Apple fixed it in iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3. “Processing maliciously crafted…

Mobile Security

Apple Patches iOS HomeKit Flaw After Researcher Warning

Issued by: Security Week

The iOS 15.2.1 patch, available for all supported iPhones and iPads, is described simply as a “resource exhaustion issue” that causes the device to hang when processing maliciously crafted HomeKit accessory names. The sudden appearance of the patch comes almost two weeks after researcher Trevor Spiniolas publicly documented the HomeKit bug and warned that it…

Application Security

Apple Patches Under-Attack iOS Zero-Day

Issued by: Security Week

The new iOS 14.4.2 was released on Friday with yet another band-aid for Apple’s flagship iOS platform and the company said it was “aware of reports that an exploit for this issue exists in the wild.” As is customary, the company did not provide any additional details on the in-the-wild attacks. A brief advisory describes…

Mobile Security, Vulnerabilities

New Jailbreak Tool Works on Most iPhones

Issued by: Dark Reading

Unc0ver, a team of hackers behind the jailbreak tool, released a new tool that works on nearly every iPhone model and exploits a flaw that Apple reported was under active attack last month. The group says its new tool works on iOS 11 to iOS 14.3, which was rolled out in December 2020. It reportedly…

Mobile Security

Apple fixes three actively exploited iOS zero-days

Issued by: Help Net Security

Apple has release a new batch of security updates and has fixed three iOS zero-days that “may have been actively exploited” by attackers. The three zero-days Two of the zero-day vulnerabilities (CVE-2021-1870 and CVE-2021-1871) are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running…

Application Security

40% of COVID-19 contact tracing apps lack basic protections

Issued by: Help Net Security

Guardsquare announced the release of a report which reassesses the levels of security protections and privacy risks of COVID-19 contact tracing apps. The report found that of the 95 mobile apps analyzed, 60% use the official API for secure exposure notifications. For the remaining 40% of the contact tracing apps, the majority of which gather…

Software Security

macOS Big Sur 11.0.1 Patches 60 Vulnerabilities

Issued by: Security Week

macOS Big Sur 11.0 was officially launched on November 12 and on the same day Apple released its first update, version 11.0.1. The company has advised customers to update to this version — macOS Big Sur 11.0 comes preinstalled on certain Mac models — but there have been reports that the Big Sur update is…

Malware & Threats

Elusive hacker-for-hire group Bahamut linked to historical attack campaigns

Issued by: CSO

Attack attribution is one of the most difficult aspects of malware research and it’s not uncommon for different security companies to attribute attack campaigns to different threat actors only to later discover that they were the work of the same group. However, a new paper by researchers at Blackberry stands out by exposing an elusive…