In 2019, Apple took legal action against Florida-based startup Corellium, claiming it was protecting the rights to its iOS operating system. Now the media have reported that Apple has finally lost the Corellium trial. The fact is that the developers of Corellium created virtual machines with iOS, while Apple did …
Apple security chief accused of attempted bribery of police officers
Apple’s global security chief, 50-year-old Thomas Moyer, was charged with attempted bribery of police officers. He allegedly offered hundreds of free iPads to law enforcement officials in Santa Clara County, where Apple is headquartered, in exchange for concealed weapons permits for company employees. Between February and August 2019, Sheriff Lance …
ProtonMail developers say Apple is holding us all as hostages
Management of the secure email service ProtonMail has sharply criticized Apple, claiming that the company is abusing its market position by using the App Store to control users and fight competitors, and thus holds us all as hostages. In his blog, Andy Yen, ProtonMail CEO, writes that Apple has long …
Apple paid $100,000 for “Sign in with Apple” vulnerability
Indian security specialist Bhavuk Jain received $100,000 from Apple via its bug bounty program for detecting a critical vulnerability in Sign in with Apple. The problem allowed remote attackers to bypass authentication and seize user accounts in third-party services and applications that supported Sign in with Apple. Recall that the Sign …
Apple claims hackers did not use fresh iOS 0-day
Earlier this week, ZecOps specialists reported a 0-day vulnerability in iOS that, according to their data, hackers have exploited since 2018 or even longer. However, Apple claims hackers did not use the fresh iOS 0-day. The researchers wrote that exploiting the vulnerability does not require any interaction with the user, and attackers …
Apple fixed 27 code execution vulnerabilities in a number of products
Apple released macOS Catalina 10.15.4, which fixes 27 vulnerabilities. The problems affected components such as Bluetooth, call history, CoreFoundation, FaceTime, the kernel, libxml2, Mail, sudo, and Time Machine. Exploiting the vulnerabilities allowed attackers to execute arbitrary code with system or kernel privileges, elevate privileges on the system, and also …
Google reports that 80% of applications encrypt traffic by default
This week, Google reported its success in adopting the HTTPS standard: 80% of applications encrypt traffic by default. A post on the IT giant's official blog states that currently 4 out of 5 applications (80%) available through the Google Play Store encrypt traffic by default and …
Third-party SDKs secretly collected data from Twitter and Facebook users
This week it became known that, due to the use of third-party SDKs, the data of Twitter and Facebook users was leaked to outside parties (of course, without the users' knowledge). An SDK (software development kit) is a set of development tools that allows software specialists to create applications for a specific software …
Vulnerability allows reading encrypted Apple Mail letters on macOS
Back in July of this year, information security specialist Bob Gendler, who specializes in Apple device issues, discovered that Apple Mail on macOS stores encrypted messages in clear text in the snippets.db database. In effect, this vulnerability allows reading encrypted Apple Mail letters on macOS. As Gendler explains on his blog, …
The researcher equipped the Cisco firewall with a bug, spending only $200
FoxGuard researcher Monta Elkins equipped the Cisco firewall with a bug, the so-called “hardware bookmark,” without much expense or effort. More than a year has passed since Bloomberg published an article describing the hardware “bookmarks” that were allegedly found on Supermicro server boards and allowed Chinese hackers to compromise them. …