REvil operators are blackmailing Apple

Media reported that REvil ransomware operators are blackmailing Apple and demand a ransom. Otherwise, they threaten to arrange a leak of company’s confidential information. The hackers claim to have obtained data on Apple products after the Taiwanese company Quanta Computer was hacked. It is the world’s largest laptop manufacturer and also one of the few… Continue reading REvil operators are blackmailing Apple

Discovery of XSS vulnerability on iCloud website brought expert $5,000

Vishal Bharad, an Indian bug hunter and pentester, explained in a blog post, how he discovered an XSS vulnerability on iCloud.com. Initially, the researcher searched the site for vulnerabilities related to CSRF (Cross-Site Request Forgery), IDOR (Insecure Direct Object Reference), logical errors, and so on, but by accident discovered XSS vulnerability. The vulnerability was present… Continue reading Discovery of XSS vulnerability on iCloud website brought expert $5,000

Vulnerability in WebKit engine could redirect iOS and macOS users to scam sites

Confiant experts report that malicious ads have been abusing a zero-day vulnerability in WebKit browsers engine (CVE-2021-1801) since last year, and although the patches were released in early February, attacks are still ongoing. Due to this vulnerability, users were sent from trusted resources to fraudulent sites. According to researchers, a hack group called ScamClub, active… Continue reading Vulnerability in WebKit engine could redirect iOS and macOS users to scam sites

Researcher compromised 35 companies through new “dependency confusion” attack

Information security expert Alex Birsan spoke about a new attack called “dependency confusion”. The problem is a variation of the supply chain attack. Besides the name “dependency confusion”, the attacks is also called a “substitution attack”. For detecting this method of attacks, the researcher has already received more than $130,000 from various companies through bug… Continue reading Researcher compromised 35 companies through new “dependency confusion” attack

Apple, Google, Microsoft and Mozilla block MitM certificate of the Kazakhstan government

In early December, Kazakhstan authorities for the third time attempted to intercept all traffic of the users, including secure HTTPS connections. However, Apple, Google, Microsoft, and Mozilla responded by blocking the MitM certificate of the Kazakhstan government. Let me remind you that these attempts began back in 2015, when the government first announced the introduction… Continue reading Apple, Google, Microsoft and Mozilla block MitM certificate of the Kazakhstan government

New Internet Protocol ODoH will hide websites visited by users from ISPs

Engineers at Cloudflare and Apple have created a new internet protocol, ODoH, to fill one of the biggest internet security gaps many people don’t even know existed. The protocol named Oblivious DNS-over-HTTPS (ODoH), will make it much more difficult for ISPs to track user activity on the Web. Each time a user visits a site… Continue reading New Internet Protocol ODoH will hide websites visited by users from ISPs

Linus Torvalds doubts that Linux will run on Apple M1

Recently on the Real World Technologies forum Linus Torvalds was asked what he thinks of Apple’s new M1 laptops. Torvalds then vague replied, “I would love to have this [laptop] if ran on Linux.” Then, not everyone understood what exactly Torvalds saw as the problem, and now, in an interview with ZDNet journalists, the Linux… Continue reading Linus Torvalds doubts that Linux will run on Apple M1

Attackers again deceived Apple’s notarization process

In September 2020, I talked about how the Shlayer malware successfully passed the notarization process and was able to run on any Mac running macOS Catalina and newer. Now there is information that the attackers again deceived the notarization process. Apple introduced the “notarization process” security mechanism in February of this year: any Mac software… Continue reading Attackers again deceived Apple’s notarization process

Shlayer malware bypassed Apple security checks

Security expert Peter Dantini discovered that the Shlayer malware bypassed Apple’s checks: it successfully passed the software notarization process and could run on any Mac running macOS Catalina and newer. In February of this year, Apple introduced a new security mechanism: any Mac software distributed outside the App Store must go through a notarization process… Continue reading Shlayer malware bypassed Apple security checks

Google experts talked about vulnerabilities in Apple operating systems

Google Project Zero specialists discovered and described many vulnerabilities in Apple’s operating systems. For example, they are part of the Image I/O framework, which is used for parsing images and is part of iOS, macOS, tvOS and watchOS. Overall were identified 14 vulnerabilities, six of which directly affect Apple Image I/O, and eight more problems… Continue reading Google experts talked about vulnerabilities in Apple operating systems