Apple pays researcher $100,000 for reporting a new security bug
A developer earns a bug bounty reward for reporting a Sign in with Apple zero-day vulnerability that could allow a hacker to access users’ online accounts. When the “Sign in with Apple” service debuted in June 2019, it was praised for being a highly private way to authenticate with websites and applications. According to the company’s announcement made at last year’s Worldwide Developers Conference (WWDC) event, it was supposed to become a decent alternative to long-standing counterparts backed by Google and Facebook.
Apple sends 11 email advisories alerting users to security loopholes
Apple has issued email advisories covering 11 security flaws in its software and hardware products, with the fixes being available through the latest updates. The remedying roll-outs of Apple’s operating system versions for both desktop and mobile devices came in quick succession after these security alerts reached the general public. Patches are always welcome, especially if they are deployed proactively so that cybercriminals get hardly any chance to exploit weaknesses.
New jailbreak for iOS 13.5 is out
Ethical hackers have released an advanced jailbreak tool that exploits a zero-day vulnerability to support the latest iOS 13.5 version. A crew of hackers collectively calling themselves Unc0ver have masterminded a tool allowing users to jailbreak iOS 11 and later, including iOS 13.5 that went live just last week. The utility circumvents the security and software limitations built into iDevices.
iPadOS and iOS 13.5 released that patches vulnerabilities affecting the Mail app
Apple is rolling out a major update to iOS and iPadOS that addresses serious security flaws and brings several interesting features under the hood. The release of the new iPadOS and iOS 13.5 officially went live on May 20, 2020, and the update is currently underway globally. In addition to the usual bug fixes, stability tweaks, and performance improvements, it has a tangible focus on users’ health through the Exposure Notification API.
Major Thunderbolt security loopholes fuel data theft, Macs partially affected
A Dutch researcher has unearthed critical flaws in Intel’s Thunderbolt interface that allow an attacker to hack a vulnerable system in minutes. If your computer is equipped with a Thunderbolt port and was manufactured before 2019, then it’s most likely susceptible to a stealth compromise codenamed Thunderspy. It allows an attacker to exploit the interface for bypassing the regular authentication and gaining a foothold in the machine even if it is locked and its hard drive is encrypted.
Apple is at odds with DOJ over evidence posing “national security concerns”
Apple is confronted with U.S. government intervention in the newsmaking copyright infringement lawsuit against virtualization services provider Corellium. The Department of Justice appears to be hampering the Cupertino technology giant’s efforts to present new evidence in court. DOJ has stated that the materials (photos) may have “national security concerns” and therefore Apple must provide them to federal government officials for examination before enrolling them in the lawsuit.