Tag Archives: apple

Apple paid $100,000 for “Sign in with Apple” vulnerability

Sign in with Apple vulnerability

Indian security specialist Bhavuk Jain received $100,000 from Apple via bug bounty program for detecting a critical vulnerability in Sign in with Apple. The problem allowed remote attackers to bypass authentication and seize user accounts in third-party services and applications that supported Sign in with Apple. Recall that the Sign …

Read More »

Apple claims hackers did not use fresh iOS 0-day

hackers use iOS 0-day

Earlier this week, ZecOps specialists reported about 0-day vulnerability in iOS, which, according to their data, hackers exploited since 2018 or even longer. However, Apple claims hackers did not use fresh iOS 0-day. The researchers wrote that exploiting the vulnerability does not require any interaction with the user, and attackers …

Read More »

Apple fixed 27 code execution vulnerabilities in a number of products

Apple fixed 27 vulnerabilities

Apple released macOS Catalina 10.15.4, in which fixed 27 vulnerabilities. Problems affected components such as Bluetooth, call history, CoreFoundation, FaceTime, the kernel, libxml2, Mail, sudo, and Time Machine. The exploitation of vulnerabilities allowed attackers to execute arbitrary code with system or kernel privileges, increase privileges on the system, and also …

Read More »

Vulnerability allows reading encrypted Apple Mail letters on macOS

Apple Mail Vulnerability on macOS

Back in July of this year, information security specialist Bob Gendler, specializing in Apple device issues, discovered that Apple Mail on macOS stores encrypted messages in clear text in the snippets.db database. In fact, this vulnerability allows reading encrypted Apple Mail letters on macOS. As Gendler explains on his blog, …

Read More »

The researcher equipped the Cisco firewall with a bug, spending only $200

Researcher Equipped Cisco With a Bug

FoxGuard researcher Monta Elkins equipped the Cisco firewall with a bug, the so-called “hardware bookmark,” without much expense and efforts. More than a year has passed since Bloomberg published an article describing the hardware “bookmarks” that were allegedly found on Supermicro server boards and allowed Chinese hackers to compromise them. …

Read More »

Vulnerability in Signal messenger allows spying on users

Signal Vulnerability Spying on Users

In the Android version of the Signal secure messenger has been identified a logical error that allows spying on users. With the vulnerability, criminals can initiate a call and automatically answer it without the consent of the user. In other words, with the help of a bug, you can turn …

Read More »