Apple enforces new rigid app privacy requirements
Apple has made a bold move to pull the plug on app makers’ privacy foul play. The new rules now in effect require that every developer provides a clear-cut summary of what types of data their products collect. This is expected to raise users’ awareness of the potential privacy roadblocks they may hit down the road when using a particular application.
Long-standing Safari bug could fuel misinformation campaigns
The bug allowing this unorthodox exploitation to occur was originally spotted by the MacRumors website crew almost two years ago (in February 2019). In a nutshell, it boils down to an imperfection in the link-sharing feature of Safari on iPhone, iPad, and iPod touch mobile devices. While allowing anyone to add a text excerpt from an arbitrary article to the iMessage link preview...
Apple Pay may soon get an extra security layer
Evidence suggests that iOS 14 will likely introduce a Wallet feature allowing users to complete in-store purchases via QR codes aside from NFC. A mechanism called “optical coupling” could become an alternative to the currently dominant use of near-field communication (NFC) in scenarios where a user is buying from physical retailers.
Apple is slow to patch a Safari flaw that leads to data theft
A security enthusiast has published details on a Safari vulnerability Apple was planning to fix only a year after acknowledging the reported bug. The vulnerability was originally discovered by Pawel Wylecial who works for Poland-based cybersecurity services firm REDTEAM.PL. Technically, it is a bug in Web Share API, an interface allowing users to share browser content, such as text, links, and files, via third-party apps.
Apple is stepping up app verification through new App Attest API
The DeviceCheck feature will get an overhaul in iOS 14, with the all-new App Attest API being added for more effective defenses against security threats. Apple has issued an advisory to iOS app developers, recommending that they make the most of the brand-new application programming interface (API) that will complement their app integrity protection with an extra layer. The functionality is part of the existing DeviceCheck service aimed at minimizing the abuse of code tailored for iOS platform.
Apple’s Secure Enclave is exposed to a new unpatchable exploit
Hackers claim to have discovered a flaw in several generations of the Secure Enclave chip that cannot be fixed because it’s exploitable at the hardware level. Secure Enclave, the proprietary technology used by Apple to step up the security of users’ data, is front-page news once again – this time, in a negative context.