Researcher unveils a new macOS security flaw
A developer has found a vulnerability that allows an attacker to bypass privacy protections in macOS Mojave and later versions of the operating system. The exploit was discovered by a macOS developer named Jeff Johnson in September 2019 but hadn’t been disclosed to the public until late June 2020. The reason for this gap is that the enthusiast reported his findings to the Apple Security Bounty Program the day it was launched in an attempt to get a reward.
Safari 14 will introduce Face ID and Touch ID for the web
Apple is bridging the gap between its proprietary biometric authentication features and websites for a seamless sign-in experience that does not rely on passwords. Those using an iPhone, an iPad, or a MacBook with the Touch Bar onboard should be familiar with the Face ID and Touch ID features. They enable biometric authentication to log into applications instead of the traditional username and password combo. Apple is planning to extend the use cases of these mechanisms far beyond apps and services.
Malware authors use a new trick to circumvent macOS Catalina defenses
Security researchers discovered an unusual malware campaign targeting Mac computers that gets around the security mechanisms built into macOS Catalina. The devious scheme recently added to Mac malware makers’ repertoire allows harmful code to bypass Apple’s app notarization process. This security routine has been a part of the Gatekeeper feature since the October 2019 release of macOS Catalina 10.15. It raised the entry bar for suspicious software by displaying a popup alert whenever a user tries to execute an unverified program.
Apple launches a new project to boost password security
Apple is looking to enhance its users’ authentication practices by releasing a list of password criteria for developers and password management services. The new initiative codenamed the “Password Manager Resources” project aims to create a roadmap for the parties involved in masterminding and implementing secure login procedures. Coders and providers of password management applications make up the primary audience of this groundbreaking move.
Apple pays researcher $100,000 for reporting a new security bug
A developer earns a bug bounty reward for reporting a Sign in with Apple zero-day vulnerability that could allow a hacker to access users’ online accounts. When the “Sign in with Apple” service debuted in June 2019, it was praised for being a highly private way to authenticate with websites and applications. According to the company’s announcement made at last year’s Worldwide Developers Conference (WWDC) event, it was supposed to become a decent alternative to long-standing counterparts backed by Google and Facebook.
Apple sends 11 email advisories alerting users to security loopholes
Apple has issued email advisories covering 11 security flaws in its software and hardware products, with the fixes being available through the latest updates. The corresponding updates to Apple’s operating systems for both desktop and mobile devices rolled out in quick succession after these security alerts reached the general public. Patches are always welcome, especially if they are deployed proactively so that cybercriminals get hardly any chance to exploit weaknesses.