Tech giants Apple, Samsung and Microsoft have broken their silence on the latest leak from WikiLeaks that revealed the CIA hacked into their products for surveillance purposes. Apple claimed to have previously addressed the vulnerabilities in their operating system, iOS, revealed in Tuesday’s ‘Vault 7’ leak from WikiLeaks.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities,” the company said in a statement, urging customers to update to the latest version of iOS to ensure they have the most recent security updates.Read more
A mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems. Malware-infected firmware was reportedly detected in an internal development environment for Apple's App Store, as well as some production servers handling queries through Apple's Siri service.
An Apple spokesperson denied there was a security incident. However, Supermicro's senior vice-president of technology, Tau Leng, told that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment.Read more
Apple has reportedly acquired Israeli startup RealFace, which makes facial recognition software to authenticate users by simply showing their mug, rather than having to enter a password or fingerprint.
Startup Nation Central, a database for Israeli tech companies, says Apple acquired RealFace this month. RealFace's website was offline Sunday morning and contact information was unavailable. Tel Aviv-based RealFace launched in 2014 and its first product was an app called Pickeez, which selected a user's best photos from various platforms using its RealFace recognition software.Read more
Apple says a newly patched hole in its GarageBand music tool could allow for remote code execution on the Mac. Because GarageBand is installed by default on OS X systems, all Mac owners should install the patch, but those who regularly use the music composing software should pay particular attention.
The lone flaw addressed in the update allows an attack to remotely execute simply by running a malformed .band file. Apple uses the .band format for all GarageBand project files. In theory, a crook could exploit the bug by convincing the user to run the specially crafted .band file that would target the bug.Read more
If you think clearing your web browsing history on your iPhone or Mac is going to make your online habits permanently disappear, you'd be wrong. Very wrong. Apple is storing Safari histories in the iCloud going back more than a year, possibly much longer, even where the user has asked for them to be wiped from memory.
Elcomsoft chief Vladimir Katalov told the iPhone maker kept a separate iCloud record, titled "tombstone," in which deleted web visits were stored, ostensibly for syncing across devices. Katalov told me he came across the issue "by accident" when he was looking through the Safari history on his own iPhone.Read more
The hacker says this demonstrates that when organizations make hacking tools, those techniques will eventually find their way to the public. In January, experts reported that a hacker had stolen 900GB of data from mobile phone forensics company Cellebrite.
The data suggested that Cellebrite had sold its phone cracking technology to oppressive regimes such as Turkey, the United Arab Emirates, and Russia. Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite relating to Android and BlackBerry devices, and older iPhones, some of which may have been copied from publicly available phone cracking tools.Read more
Apple is introducing a new analytics section to its iOS privacy settings where it will ask for permission to analyze iCloud account data to improve Siri and other smart features.
Apple has been critical of Silicon Valley's addiction to harvesting and monetizing user data for ads, but it appears Apple sees some sense in accessing user data and will be seeking to use more of it in the near future. An iOS 10.3 beta released last week contained a note under the title 'iCloud Analytics & Privacy', explaining that Apple wants to analyze iCloud account data to improve intelligent features such as Siri.Read more
Security researchers have discovered a rare piece of Mac-based espionage malware that relies on outdated coding practices but has been used in some previous real-world attacks to spy on biomedical research center computers.
Dubbed Fruitfly, the malware has remained undetected for years on macOS systems despite using unsophisticated and "antiquated code." According to the researchers, the recently discovered what they're calling "the first Mac malware of 2017" contains code that dates before OS X, which has reportedly been conducting detailed surveillance operation on targeted networks, possibly for over two years.Read more
Chris Lattner, Apple's head of developer tools and the creator of its uber-popular programming language, Swift, this week announced plans to join Tesla. People leave their jobs for all kinds of reasons, especially when they are offered exciting new jobs at important, on-the-rise companies.
But someone in Lattner's circle of developer friends shared some insight at to why Lattner may have been calling it quits at Apple now, even as one of his major contributions, Swift, had really taken off. The person experts talked to said one big reason was that Apple's culture of secrecy was wearing on him, particularly because it was his job to create open-source developer tools.Read more
Mac OS users running Safari are falling victim to a tech support scam that can freeze their computer, according to a Thursday post on the MalwareBytes Labs blog. Similar previous campaigns have used fake alerts notifying victims that something is wrong with their computer, prompting them to reach out for tech assistance.
By clicking onto a phony site, or by calling a phony assistance number, the victim can then authorize attackers to gain control of their machines. One version of this scam, which targeted the browser, was dubbed a browlock. Another one which actually loaded malware onto devices was termed a screen locker.Read more