Skip to main content
Apple patches a critical privilege escalation flaw in iOS and iPadOS

Apple patches a critical privilege escalation flaw in iOS and iPadOS

As expected, Apple released the latest versions of its mobile operating systems, iOS 14.0 and iPadOS 14.0, on September 16, 2020. The big event has brought a series of previously announced perks to the iPhone, iPad, and iPod. These include, among other things, UI improvements, Siri enhancements, and privacy tweaks that limit the use of the microphone, camera, and geolocation by apps.

David Balaban
David Balaban
Apple Pay may soon get an extra security layer

Apple Pay may soon get an extra security layer

Evidence suggests that iOS 14 will likely introduce a Wallet feature allowing users to complete in-store purchases via QR codes aside from NFC. A mechanism called “optical coupling” could become an alternative to the currently dominant use of near-field communication (NFC) in scenarios where a user is buying from physical retailers.

David Balaban
David Balaban
Crooks hoodwink Apple into green-lighting adware apps

Crooks hoodwink Apple into green-lighting adware apps

The authors of notorious Mac adware found a workaround to fool Apple’s app notarization mechanism into allowing their code to run on Macs. The strain known as Shlayer can easily slip below the radar by making the system think it’s safe, while it’s not. In early 2020, Apple brought extra protection to the Mac by extensively checking third-party applications for dodgy characteristics such as code-signing inconsistencies.

David Balaban
David Balaban
Apple is slow to patch a Safari flaw that leads to data theft

Apple is slow to patch a Safari flaw that leads to data theft

A security enthusiast has published details on a Safari vulnerability Apple was planning to fix only a year after acknowledging the reported bug. The vulnerability was originally discovered by Pawel Wylecial who works for Poland-based cybersecurity services firm REDTEAM.PL. Technically, it is a bug in Web Share API, an interface allowing users to share browser content, such as text, links, and files, via third-party apps.

David Balaban
David Balaban
Xcode projects weaponized to distribute Mac malware

Xcode projects weaponized to distribute Mac malware

A sneaky strain of malware dubbed XCSSET is doing the rounds via poisoned Xcode projects, mostly affecting Safari and other browsers running on a victim’s Mac. The unorthodox infection chain has been recently discovered by a team of researchers at Trend Micro. According to their findings, malicious actors are exploiting Xcode projects to host and spread harmful payloads. For those uninitiated, Xcode is an integrated development environment (IDE) for macOS.

David Balaban
David Balaban
Macros vs macOS: advanced exploit chain targeting Macs

Macros vs macOS: advanced exploit chain targeting Macs

Well-known researcher unveils a new powerful exploit that allows executing malicious Office macros on a Mac computer with zero user interaction. Macros in Office documents are intended to facilitate the execution of iterative tasks. These are shortcuts to performing routine actions and therefore they are, ideally, both helpful and benign. However, in pursuit of workarounds to plague systems with malicious code, cybercriminals have been mishandling macros for years.

David Balaban
David Balaban