Apple iOS
‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE
Richi Jennings | | App Sec & Supply Chain Security, Apple, Apple iOS, AppSec & Supply Chain Security, CocoaPods, CVE-2024-38366, CVE-2024-38368, dependencies, dependency injection, Dependency Management, macos, macOS Security, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, SB Blogwatch, software dependencies, Supply-Chain Insecurity, third-party dependencies, trust dependencies
Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...
Security Boulevard
South Korean iPhone Ban: MDM DMZ PDQ
Richi Jennings | | android, Apple, Apple iOS, Apple iPhone, bring your own device, byod, byod challenges, BYOD policy, BYOD Security, clandestine iPhone tracking, iPhone, iPhone and iPad, iphone security, Korea, Korean military, MDM, military, military grade security, Military Security, Mobile Device Management (MDM), North Korea, northkorea, Noth Korea, Operational military strategy, opsec, Samsung, Samsung Galaxy, SB Blogwatch, South Korea, southkorea
MDM Hindered: Android phones are still OK; this is Samsung’s home, after all ...
Security Boulevard
Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones
Richi Jennings | | 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA solution, 2FA/MFA, Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iCloud, Apple ID, Apple ID failure, Apple iOS, Apple iPad, Apple iPhone, bypass 2FA, MFA, MFA Bombing, mfa fatigue, MFA hacks, mfa protection, mfasecurity, Multi-Factor Authentication (MFA), OTP, OTP circumvention bot, OTP interception bot, phishing-resistant MFA, push otp, SB Blogwatch, TOTP, two-factor-authentication.2fa
Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support ...
Security Boulevard
Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys
Richi Jennings | | Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iOS, Apple iPad, ARM, cache, dmp, GoFetch, iPad, M1, M2, M3, Macintosh, macos, SB Blogwatch
GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads ...
Security Boulevard
Kaspersky Details Method for Detecting Spyware in iOS
Researchers with cybersecurity firm Kaspersky are detailing a lightweight method for detecting the presence of spyware, including The NSO Group’s notorious Pegasus software, in Apple iOS devices. The new method, which calls ...
Security Boulevard
More iOS Zero-Days, More Mercenary Spyware — This Time: Cytrox Predator
Richi Jennings | | 0day, Ahmed Eltantawy, Apple iOS, Apple zero-day, Citizen Lab, CVE-2023-41991, CVE-2023-41992, CVE-2023-41993, CVE-2023-4762, Cytrox, egypt, Google Project Zero, ios, iOS spyware, Predator spyware, Privacy, Sandvine, SB Blogwatch, spyware, Vodafone, Vodafone Egypt
Apple Scrambled to Fix 3 More CVEs: Egyptian opposition presidential candidate Ahmed Eltantawy targeted “by the government ...
Security Boulevard
New Apple ‘Rapid’ Update is Slow, Messy FAIL
Richi Jennings | | Apple, Apple iOS, apple security update, ios, iPhone, macos, patch, Rapid Security Response, RSR, SB Blogwatch
PATCH NOW! Oh, wait, you can’t: “You are no longer connected to the internet,” it sneers ...
Security Boulevard
TikTok Circumvents Privacy Protections, Russian Sanction Attacks, Apple AirTag Anti-Stalking Measures
Tom Eston | | AirTag, AirTags, Apple, Apple iOS, Biden, Cybersecurity, Device Tracking, Digital Privacy, Episodes, Information Security, Infosec, Podcast, Privacy, Ransomware, Russia, security, Stalking, surveillance, technology, TikTok, tracking, Ukraine, Weekly Edition
How TikTok can circumvent privacy protections and performs device tracking that gives TikTok full access to user data, the US government warns about ransomware attacks after Biden’s new sanctions against Russia, and ...
Defending Against Pervasive Spyware
The revelation that Israeli company NSO Group’s spy software Pegasus was targeting the smartphones of activists, journalists and business executives sent a shockwave through the international press. The spyware successfully infiltrated the ...
Security Boulevard
The High Cost of Privacy By Default
In the ongoing “war” between Facebook and Apple over privacy, Apple’s new operating system, iOS 14.5 contains a feature that most people assumed—incorrectly—was already part of the operating system; the ability to ...
Security Boulevard