Security of over a billion iPhone owners and users of popular instant messengers is at risk due to a vulnerability in Apple iCloud. As the Forbes reports, private messages sent via iMessage and WhatsApp on iPhone are not secure when using factory settings. While encrypted apps like iMessage and WhatsApp keep messages on the device… Continue reading Vulnerability in Apple iCloud puts billion users at risk
Tag: Apple
Users can be lured to a malicious site through a vulnerability in Apple AirTag
Security researcher Bobby Rauch discovered a vulnerability in AirTag key fobs, which Apple advertises as a convenient solution for tracking personal belongings (for example, laptops, phones, car keys, backpacks, and so on). Gadgets are susceptible to a stored XSS vulnerability. Rauch has revealed the issue, although the patch is not yet available, as he was… Continue reading Users can be lured to a malicious site through a vulnerability in Apple AirTag
Experts showed fraudulent payments from a locked iPhone with Apple Pay and a Visa card
Scientists talked about how to make fraudulent payments using Apple Pay with a Visa card on a locked iPhone. This scam works over the air, even if the iPhone is in your bag or pocket, and has no limit on the number of transactions. A report on this issue [PDF] will be presented at the… Continue reading Experts showed fraudulent payments from a locked iPhone with Apple Pay and a Visa card
Criminals threaten to leak new Apple logo, if the company doesn’t pay the ransom
Last week it became known that the operators of the ransomware REvil are trying to blackmail Apple, and now the criminals threaten to leak the company’s new logo into the network, if the company doesn’t pay the ransom. The hackers claim to have obtained data on Apple products after the Taiwanese company Quanta Computer was… Continue reading Criminals threaten to leak new Apple logo, if the company doesn’t pay the ransom
REvil operators are blackmailing Apple
Media reported that REvil ransomware operators are blackmailing Apple and demand a ransom. Otherwise, they threaten to arrange a leak of company’s confidential information. The hackers claim to have obtained data on Apple products after the Taiwanese company Quanta Computer was hacked. It is the world’s largest laptop manufacturer and also one of the few… Continue reading REvil operators are blackmailing Apple
Discovery of XSS vulnerability on iCloud website brought expert $5,000
Vishal Bharad, an Indian bug hunter and pentester, explained in a blog post, how he discovered an XSS vulnerability on iCloud.com. Initially, the researcher searched the site for vulnerabilities related to CSRF (Cross-Site Request Forgery), IDOR (Insecure Direct Object Reference), logical errors, and so on, but by accident discovered XSS vulnerability. The vulnerability was present… Continue reading Discovery of XSS vulnerability on iCloud website brought expert $5,000
Vulnerability in WebKit engine could redirect iOS and macOS users to scam sites
Confiant experts report that malicious ads have been abusing a zero-day vulnerability in WebKit browsers engine (CVE-2021-1801) since last year, and although the patches were released in early February, attacks are still ongoing. Due to this vulnerability, users were sent from trusted resources to fraudulent sites. According to researchers, a hack group called ScamClub, active… Continue reading Vulnerability in WebKit engine could redirect iOS and macOS users to scam sites
Researcher compromised 35 companies through new “dependency confusion” attack
Information security expert Alex Birsan spoke about a new attack called “dependency confusion”. The problem is a variation of the supply chain attack. Besides the name “dependency confusion”, the attacks is also called a “substitution attack”. For detecting this method of attacks, the researcher has already received more than $130,000 from various companies through bug… Continue reading Researcher compromised 35 companies through new “dependency confusion” attack
Apple, Google, Microsoft and Mozilla block MitM certificate of the Kazakhstan government
In early December, Kazakhstan authorities for the third time attempted to intercept all traffic of the users, including secure HTTPS connections. However, Apple, Google, Microsoft, and Mozilla responded by blocking the MitM certificate of the Kazakhstan government. Let me remind you that these attempts began back in 2015, when the government first announced the introduction… Continue reading Apple, Google, Microsoft and Mozilla block MitM certificate of the Kazakhstan government
New Internet Protocol ODoH will hide websites visited by users from ISPs
Engineers at Cloudflare and Apple have created a new internet protocol, ODoH, to fill one of the biggest internet security gaps many people don’t even know existed. The protocol named Oblivious DNS-over-HTTPS (ODoH), will make it much more difficult for ISPs to track user activity on the Web. Each time a user visits a site… Continue reading New Internet Protocol ODoH will hide websites visited by users from ISPs