Skip to main content
Apple patches a critical privilege escalation flaw in iOS and iPadOS

Apple patches a critical privilege escalation flaw in iOS and iPadOS

As expected, Apple released the latest versions of its mobile operating systems, iOS 14.0 and iPadOS 14.0, on September 16, 2020. The big event has brought a series of previously announced perks to the iPhone, iPad, and iPod. These include, among other things, UI improvements, Siri enhancements, and privacy tweaks that limit the use of the microphone, camera, and geolocation by apps.

David Balaban
David Balaban
Apple Pay may soon get an extra security layer

Apple Pay may soon get an extra security layer

Evidence suggests that iOS 14 will likely introduce a Wallet feature allowing users to complete in-store purchases via QR codes aside from NFC. A mechanism called “optical coupling” could become an alternative to the currently dominant use of near-field communication (NFC) in scenarios where a user is buying from physical retailers.

David Balaban
David Balaban
Apple is slow to patch a Safari flaw that leads to data theft

Apple is slow to patch a Safari flaw that leads to data theft

A security enthusiast has published details on a Safari vulnerability Apple was planning to fix only a year after acknowledging the reported bug. The vulnerability was originally discovered by Pawel Wylecial who works for Poland-based cybersecurity services firm REDTEAM.PL. Technically, it is a bug in Web Share API, an interface allowing users to share browser content, such as text, links, and files, via third-party apps.

David Balaban
David Balaban
Remove “Your iPhone has been hacked” pop-up ad

Remove “Your iPhone has been hacked” pop-up ad

Online frauds hinging on scare tactics are among cybercriminals’ favorites. This is a comparatively effortless way to bilk users of money or distribute malware. One of the recent scams of this kind involves popups that say, “Your iPhone has been hacked”. They appear when a would-be victim visits a fishy web page on their device, and the hoax typically continues due to drive-by downloads and malicious scripts being invoked as part of the original visit.

David Balaban
David Balaban
Apple is stepping up app verification through new App Attest API

Apple is stepping up app verification through new App Attest API

The DeviceCheck feature will get an overhaul in iOS 14, with the all-new App Attest API being added for more effective defenses against security threats. Apple has issued an advisory to iOS app developers, recommending that they make the most of the brand-new application programming interface (API) that will complement their app integrity protection with an extra layer. The functionality is part of the existing DeviceCheck service aimed at minimizing the abuse of code tailored for iOS platform.

David Balaban
David Balaban
Apple’s Secure Enclave is exposed to a new unpatchable exploit

Apple’s Secure Enclave is exposed to a new unpatchable exploit

Hackers claim to have discovered a flaw in several generations of the Secure Enclave chip that cannot be fixed because it’s exploitable at the hardware level. Secure Enclave, the proprietary technology used by Apple to step up the security of users’ data, is front-page news once again – this time, in a negative context.

David Balaban
David Balaban