Major Thunderbolt security loopholes fuel data theft, Macs partially affected
A Dutch researcher has unearthed critical flaws in Intel’s Thunderbolt interface that allow an attacker to hack a vulnerable system in minutes. If your computer is equipped with a Thunderbolt port and was manufactured before 2019, then it’s most likely susceptible to a stealth compromise codenamed Thunderspy. It allows an attacker to exploit the interface to bypass regular authentication and gain a foothold in the machine even if it is locked and its hard drive is encrypted.
Apple is at odds with DOJ over evidence posing “national security concerns”
Apple is facing U.S. government intervention in the much-publicized copyright infringement lawsuit against virtualization services provider Corellium. The Department of Justice appears to be hampering the Cupertino technology giant’s efforts to present new evidence in court. The DOJ has stated that the materials (photos) may raise “national security concerns” and therefore Apple must provide them to federal government officials for examination before entering them into the lawsuit.
Critical Zoom zero-days are up for sale on the dark web
Cybercriminals are reportedly selling two undocumented critical Zoom exploits that allow an attacker to infect systems and eavesdrop on users’ communications. As if the previously discovered Zoom security flaws weren’t enough to make people think twice before opting for this virtual conferencing service, analysts have recently come across a shady offer circulating in the cybercriminal underground. Hackers have put two critical Zoom zero-day exploits up for sale, so any interested party with a sizable budget on their hands can buy and weaponize them.
Millions of users installed iOS fleeceware from official App Store
Security analysts are reporting growth in fleeceware apps that are promoted on Apple’s App Store as free but eventually overcharge users for junk services. Fleeceware is a researcher-coined term denoting applications that follow questionable marketing practices and exhibit the following characteristics: they provide paid features that are available at zero or lower cost in other apps; and they may also pretend to be completely free but end up charging people after a short trial period expires.
Apple is the most mimicked brand in phishing scams
According to recent findings of security analysts, Apple customers are at the epicenter of brand-based phishing attacks in Q1 2020. If you own a Mac computer or an iOS device, numerous perks are at your fingertips. The only major caveat is that you are more likely to encounter brand-related phishing hoaxes compared to customers of any other popular technology company. In case you find this statement far-fetched, the Q1 2020 Brand Phishing Report by cybersecurity firm Check Point will prove you wrong.
macOS Catalina 10.15.4 gets bug fixes in a supplemental update
On April 8, Apple rolled out a supplemental update to the latest macOS Catalina 10.15.4 to address recent bugs and improve the system’s overall stability. This release came in quick succession after macOS version 10.15.4, which went live on March 24, 2020. The original update introduced a number of notable features and tweaks – here’s a brief roundup of what’s under the hood. One of them is iCloud Drive folder sharing through Finder. Another enhancement made it easier for parents to keep tabs on their kids’ online activities by enabling flexible communication limits in Screen Time.