Apple is slow to patch a Safari flaw that leads to data theft
A security enthusiast has published details on a Safari vulnerability Apple was planning to fix only a year after acknowledging the reported bug. The vulnerability was originally discovered by Pawel Wylecial, who works for Poland-based cybersecurity services firm REDTEAM.PL. Technically, it is a bug in the Web Share API, an interface allowing users to share browser content, such as text, links, and files, via third-party apps.
Remove “Your iPhone has been hacked” pop-up ad
Online frauds hinging on scare tactics are among cybercriminals’ favorites. This is a comparatively effortless way to bilk users of money or distribute malware. One of the recent scams of this kind involves popups that say, “Your iPhone has been hacked”. They appear when a would-be victim visits a fishy web page on their device, and the hoax typically continues due to drive-by downloads and malicious scripts being invoked as part of the original visit.
Apple is stepping up app verification through new App Attest API
The DeviceCheck feature will get an overhaul in iOS 14, with the all-new App Attest API being added for more effective defenses against security threats. Apple has issued an advisory to iOS app developers, recommending that they make the most of the brand-new application programming interface (API) that will complement their app integrity protection with an extra layer. The functionality is part of the existing DeviceCheck service aimed at minimizing the abuse of code tailored for the iOS platform.
Apple’s Secure Enclave is exposed to a new unpatchable exploit
Hackers claim to have discovered a flaw in several generations of the Secure Enclave chip that cannot be fixed because it’s exploitable at the hardware level. Secure Enclave, the proprietary technology used by Apple to step up the security of users’ data, is front-page news once again – this time, in a negative context.
Apple’s Face ID will likely get a boost
iPhone and iPad users have been familiar with the Face ID technology since 2017 when it made its debut with the release of the iPhone X. It’s generally thought of as a handy and highly secure way to unlock devices and even make purchases without having to enter passwords. The facial recognition routine is not perfectly accurate in every situation, though. The so-called “evil twin” attack demonstrates how a potential adversary can be erroneously identified as the legitimate device owner based on similar face patterns.
Safari 14 will introduce Face ID and Touch ID for the web
Apple is bridging the gap between its proprietary biometric authentication features and websites for a seamless sign-in experience not relying on passwords. Those using an iPhone, an iPad, or a MacBook with the Touch Bar onboard should be familiar with the Face ID and Touch ID features. They enable biometric authentication to log into applications instead of the traditional username and password combo. Apple is planning to extend the use cases of these mechanisms far beyond apps and services.