Search This Blog

Showing posts with label Apple. Show all posts

Elon Musk is Planning to Develop an Alternate Smartphone

If Apple decides to remove Twitter from the App Store, Elon Musk has an easy strategy,  to build his own smartphone. 

Musk has changed a lot about Twitter since he joined at the end of October, including major staff cuts and firings that prompted managers in charge of data privacy and content moderation to resign.

In terms of content filtering, Musk fundamentally supports the right to free expression. Additionally, he apparently intends to attempt and make money for Twitter through explicit content. When Jack Dorsey was in charge, content filtering was more deliberate and concentrated on user 'safety,' outlawing obscenity, hate speech, and violence. 

Musk tweeted on Friday night, "If Apple & Google expel Twitter from their app stores, @elonmusk should manufacture his own smartphone," in response to the conservative commentator Liz Wheeler. The prejudiced, snooping iPhone & Android would be cheerfully abandoned by half of the country. A foolish little smartphone ought to be simple for the man who makes rockets to Mars, right? ”

"I sincerely hope it never comes to that, but indeed, If there is no other option, I will develop an alternate phone," Musk said.

Phil Schiller, a senior Apple marketing executive that oversees the company's App Store, deactivated his Twitter account last week, which could be a terrible sign for Twitter. After Musk criticized Apple's fees on Twitter, calling them a hidden 30% tax on the internet, Schiller made the change.











Apple and Google's Accused for Mobile Browser Monopoly Activities

The domination of Apple and Google in web devices and cloud gaming will be examined, according to the UK's authorities.

The Competition and Markets Authority announced on Tuesday that it is shifting forward on a market investigation it first suggested in June of how the companies regulate internet browsers for mobile devices and concerns that Apple restricts cloud gaming on its devices after receiving help in a public consultation.

The Competition and Markets Authority (CMA) found from market research conducted last year that they controlled the majority of mobile operating systems, app marketplaces, and web browsers.

If the 18-month study indicates an adverse impact on competition, the CMA may enforce modifications. However, the allegations are rejected by both businesses.

The authority announced on Tuesday that it is starting the investigation in part since the U.K. has put off giving its competition regulator new authority over digital markets, which is similar to what was recently passed in the European Union and which it claimed could help resolve those problems.

According to remarks released on Tuesday as part of the CMA's public consultation on its inquiry, some major IT rivals backed the investigation against Apple and Google. If nothing is done, Microsoft Corp. warned that Apple and Google's grip over its mobile ecosystems might pose growing challenges to the competition.






Apple Accused Over Monitoring Users' Behavior Without Consent


According to a lawsuit, despite the fact that settings on Apple's iPhones and other devices are designed to prevent any tracking or sharing of app data, the corporation nonetheless collects, tracks, and monetizes user details even after users have turned off sharing.

When using the App Store app on iOS 14.6, each click users make is recorded and given to Apple, according to the thread posted last week by the Twitter account Mysk, which is maintained by two developers in Canada and Germany. 

The developers assert that this occurs regardless of users’ preferences and settings. The developers claim that "opting out or switching the personalization options off did not decrease the amount of detailed data that the app was transmitting." Apple provides a number of toggles designed to limit tracking.

In a follow-up report by Gizmodo, the developers discovered that although the privacy toggles, a number of additional apps, including Music, TV, Books, the iTunes Store, and Stocks, all transferred data to Apple. The site claims that the majority of the apps that transmitted analytics data shared constant ID numbers, which would allow Apple to follow user behavior across its services like the Health and Wallet apps.

Elliot Libman, the plaintiff, alleged  Apple's assurances that users have control over the data they provide when using iPhone apps are factually false and in violation of the California Invasion of Privacy Act.

The thread also notes how ironic Apple's alleged surveillance appears given that strong controls were introduced in iOS 14.5 to stop third-party developers from tracking users against their own will. Although the iOS 14.6 operating system has been around for more than a year, the researchers said they observed identical apps sending comparable data packets when using iOS 16.

Warning to iPhone and Android Users: 400 Apps Could Leak Data to Hackers

 


Android and iPhone users are being told to delete specific apps from their mobile phones because they could potentially steal their data. 

According to reports, Facebook has issued a warning after discovering an apparent data hack. This appears to have infected more than 400 apps and appears to have been stealing sensitive login information from smartphones. Because these apps offer popular services such as photo editors, games, and VPNs, they can easily remain unnoticed. This is because they tend to advertise themselves as popular services.

The scam apps are designed to obtain sensitive consumer information by asking users to sign in via their Facebook account once the apps have been installed. Hull Live reported that this is being done for them to be able to access their features.

It has been reported that Facebook published a post on its newsroom about a malicious app that asks users to sign in with their Facebook account. This is before they can use its advertised features. If they enter their credentials, the malware steals their usernames and passwords, which is a serious security risk.

In this case, there are official Google Play Store and Apple App Store marketplaces where these applications are available for download. This means that thousands of devices could potentially have been installed on them.

Apple and Google have already removed these apps from their application stores, however, they can still be found on third-party marketplaces, so anyone who had already downloaded the apps could still be targeted if they had done so previously.

According to Facebook, this year, they have identified more than 400 malicious Android and iOS apps that target people across the internet to steal their login information. This is in a bid to gain access to their Facebook accounts.

Apple and Google have been informed of the findings. It is working to assist those who might be affected by these results in learning more about how to remain safe and secure with their online accounts.

According to Facebook, users should take the following steps to fix the problem:

• Reset and create new, stronger passwords. Keep your passwords unique across multiple websites so that you, do not have to reuse them.

• To further protect your account, you should be able to use two-factor authentication. Preferably by using the Authenticator app as a secondary security measure.

• Make sure that you enable log-in alerts in your account settings so you are notified if anyone attempts to gain access to your account.

• Facebook also outlined some red flags that Android and iPhone users should be aware of when choosing an app that is likely to be, fraudulent.

• Users must log in with social media to use the app and, it will only function once they have completed this step.

A Facebook spokesperson added that looking at the number of downloads, ratings, and reviews may help determine whether a particular app is trustworthy.

Apple Claims "SIM not Supported" Bug Hits iPhone 14 Series

Apple's 14th-generation iPhone launch has not gone all too well as anticipated. In its most recent announcement, Apple acknowledged that iPhone 14 users are affected by the SIM problem in iOS 16.

Apple has confirmed a new iOS 16 bug that is causing owners of the iPhone 14 inconvenience. A  message is displayed on their device that reads 'SIM not supported.' The business acknowledged the flaw and declared it is looking into the matter.

Apple strongly advises against restoring the device if the notice remains. The tech giant prefers that customers seek technical support from authorized Apple service providers or visit the nearest Apple Store. According to reports, Apple is developing a patch for this flaw and may deliver it by the end of the month.

Apple confirms in the memo that it is looking into the issue and that it is not a hardware-related one even if a fix is still pending. Since a software repair is possible, the affected iPhone 14 units would not need to be recalled. Apple advises iPhone 14 customers to wait until a fix is available because, occasionally, the error message will go away and the phones will start working normally again.

The business advised customers to 'upgrade to the current version of iOS to address the issue' if they experienced problems with Messages or FaceTime after configuring their new iPhone.

Apple stated that updating to the most recent version of iOS would fix any issues with iMessage and FaceTime not fully activating on the iPhone 14 and iPhone 14 Pro. 

Therefore, experts recommend holding off on upgrading to an iPhone 14 model until Apple has fixed more of these problems. The iOS 16.1 update is currently being developed by Apple and is anticipated to go live by the end of the month. The upcoming version will most likely include numerous new features, adjustments, and changes. A recent iOS 16.0.3 update from Apple is expected to fix a number of problems.

A Constant Battle Between Apple and Zero-Day Security Vulnerabilities

 


Recently, there has been a noticeable increase in the number of attackers targeting Apple, especially by using zero-day exploits. Among the main reasons why hackers like zero-day exploits so much are because they might just become the most valuable asset in a hacker's portfolio. As of 2022, Apple has discovered seven zero-day vulnerabilities in its products and has followed up on these discoveries with relevant updates to address these issues. Even so, it seems as though there will not be an end to this classic cat-and-mouse game anytime soon.

During 2021, there were more than double the amount of zero-days recorded, compared to the same year in 2020. This is the highest level since tracking began in 2014, with the number of zero-days increasing every year since then – the trend has been demonstrated by the repository maintained by Project Zero. 

As described by the MIT Technology Review, the increase in hacking over the past few years has been attributed to the rapid proliferation of hacking tools globally and the willingness of powerful state and non-state groups to invest handsomely in discovering and infiltrating these operating systems. Threat actors actively search for vulnerabilities and then sell the information about those vulnerabilities to the highest bidder.

Apple has repeatedly been compromised by these attackers. In 2022, Apple, one of the four most dominating IT companies in the world, is advancing into a year where it is welcoming a new year with two zero-day bugs in its operating systems, a WebKit flaw that could have left users' browsing data vulnerable and after recovering from 12 recorded exploits and remediations in 2021, they have been hit by two zero-day bugs in their operating systems. 

The company released 23 security patches less than one month after it discovered these issues. A new flaw was discovered that could be exploited by attackers to exploit a user's device if certain malicious websites are loaded onto a user's device, leading to an infection of their device.

Keeping this in mind, if we fast forward to August 17 of this year, we learn Apple has discovered two new vulnerabilities in its operating system  CVE-2022-32893 and CVE-2022-32894. The first vulnerability is a remote code execution (RCE) vulnerability in Apple's Safari Web browser kit, which is used by all browsers that are iOS-enabled and macOS-enabled. As for the second vulnerability, another RCE vulnerability, it gives attackers complete access to the user's software and hardware without any limitations. 

In the past couple of weeks, two major vulnerabilities have been found that affect a wide variety of Apple devices  especially the iPhone 6 and later models, the iPad Pro, iPad Air 2 onwards, iPad 5th generation and newer models, iPad mini 4 and newer versions, iPod touch (7th generation), and macOS Monterey. The officials updated the security systems to create a protected environment against “actively exploited” vulnerabilities.

The research team at Digital Shadows prepared a report which included that the Zero-day exploits sell for up to $10 million, which is the most expensive commodity in a rather wide array of cybercrime. The report further added that these exploits in the market are bound to expand and provoke more cyber threats.

Meta: Users Warned Against Android, iOS Apps That Are Stealing Facebook Passwords

As per the report published by Facebook parent Meta on Thursday, as many as a million Facebook users have been warned of the seemingly malicious application, they may have been exposed to. The Android and iOS malware is designed to steal passwords from social networking sites. 
 
This year so far, Meta has detected more than 400 fraudulent applications, and structures for Apple or Android-powered smartphones. The malicious apps are apparently made available at the Play Store and App Store, says director of threat disruption, David Agranovich during a briefing. 
 
"These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," states Meta in a Blog post.  
 
Reportedly, the fraudulent apps ask Facebook users to log in with their account information, enticing them with certain promising features. Ultimately, stealing user passwords and other credentials, if entered.  
 
"They are just trying to trick people into entering in their login information in a way that enables hackers to access their accounts [..] We will notify one million users that they may have been exposed to these applications; that is not to say they have been compromised," mentions Agranovich. 
 
With regard to these activities, Meta stated that it has shared information about the malicious apps with both Apple and Google, which controls the activities of their respective app shops.  
 
Considering this, Google said that most of the malicious apps mentioned by Meta have already been identified and removed from its Play Store by its vetting systems.  
 
"All of the apps identified in the report are no longer available on Google Play," a spokesperson told AFP. "Users are also protected by Google Play Protect, which blocks these apps on Android." 
 
On the other hand, Apple has yet not responded to questions about whether it took any action against the aforementioned apps. In the blog post, Meta also alerts internet users about certain activities they may unknowingly perform, that could leverage the threat actor.  
 
"We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials, and are helping them to secure their accounts," the blog post notes.

Data Breach Targets Fast Company News

Fast Company's Apple News website currently displays a statement from the business confirming that it was hacked on Sunday afternoon, followed by another intrusion on Tuesday night that let threat actors to send bigoted notifications to smartphones via Apple News.

In a press release issued last night, the company claimed that "the statements are repulsive and are not by the contents and culture of Fast Company.  We have suspended FastCompany.com while we look into the matter and will not reopen it until it is resolved."

As soon as individuals on Twitter noticed the offensive Apple News notifications, the company disabled the Fast Company channel on the news network.

Data breach tactics

The website's webpage started to load up with articles headlined "Hacked by Vinny  Troia. [redacted] tongue my [redacted]. Thrax was here. " on Sunday afternoon, which was the first indication that Fast Company had been compromised.

In their ongoing dispute with security analyst Vinny Troia, members of the breached hacking group and the now-defunct RaidForums regularly deface websites and carry out attacks that they attribute to the researcher. Fast Company took the website offline for a while to address the defacement, but on Tuesday at around 8 PM EST, another attack occurred.

Hackers claim that after discovering that Fast Company was using WordPress for their website, they were able to compromise the company. The HTTP basic authentication which was supposed to have protected this WordPress installation was disregarded. The threat actor goes on to claim that they were able to enter the WordPress content management system by utilizing a relatively simple default password used on dozens of users.

Fast Company, according to the post, had a 'ridiculously easy' default password that was used on numerous accounts, including an admin account. The compromised account would have then been utilized by the threat actors to gain access to, among other things, authentication tokens and Apple News API credentials.

They assert that by using these tokens, they were able to set up administrator accounts on the CMS platforms, which were then used to send notifications to Apple News.

Threat actors gained access to an undefined number of customer names, birthdates, contact numbers, email, physical addresses, and personal documents, including license and passport numbers, through this same forum, which was at the center of the previous Optus breach. The hacker in question claims to have made 10,200 records available thus far. It's uncertain whether or when Apple News would reactivate the Fast Company channel.



Microsoft Alert a Major Click Fraud Scheme Targeting Gamers

Microsoft is keeping tabs on a widespread click fraud scheme that targets gamers and uses covertly installed browser extensions on hacked devices.

The act of exaggerating the number of clicks on pay-per-click advertisements that constitutes a fraudulent click. According to experts, botnets are responsible for approximately a third of the traffic created by advertising on ad networks. To safeguard their image and keep their clients happy, advertising platforms frequently use click fraud prevention techniques, such as the Google search engine. 

In a series of tweets over the weekend, Microsoft Security Intelligence stated that "attackers monetize clicks generated by a web node WebKit or malicious browser extension stealthily installed on devices."

The internet company clarified in a tweet that the initiative targets unaware people who click rogue advertising or comments on YouTube. 

By doing this, a fake game cheats ISO file will be downloaded, and when opened, it will install the threat actors' necessary browser node-webkit (NW.js) or browser extension. Microsoft also mentioned that they saw the actors using Apple Disk Image files, or DMG files, indicating that the campaign is a cross-platform endeavor. 

It's important to note that the ISO file contains hacks and cheats for the first-person shooter game Krunker. Cheats are software tools that provide users of a game with a distinct advantage over other players.

DMG files, which are Apple Disk Image files usually used to distribute software on macOS, are also employed in the attacks in place of ISO images, demonstrating that the threat actors are aiming their attacks at several operating systems.

The discovery is no longer shocking because threat actors frequently use gamers as fine targets in their efforts, especially those who are scrambling to locate free cheats online.

The prevalence of virus spreading through well-known game franchises was demonstrated earlier in September by a report from endpoint security provider and customer IT security software company Kaspersky. The most popular file was distributed via Minecraft, which had 131,005 users infected between July 2021 and June 2022. 



Apple Offers iOS Update to Fix Vulnerabilities

Apple has patched a vulnerability that was potentially used by hackers in its iOS 12 upgrade for older iPhone and iPad models. The vulnerability was discovered by an anonymous researcher, who has received acknowledgment.

The flaw, identified as CVE-2022-32893 (CVSS score: 8.8), affects WebKit and is an out-of-bounds write problem that could result in arbitrary code execution when processing maliciously created web content, according to a document released by the firm on Wednesday.

A security vulnerability found in the platform affects users of Google Chrome, Mozilla Firefox, and Microsoft Edge as well because WebKit powers Safari and every other third-party browser accessible for iOS and iPadOS.

The security patch fixes a Safari vulnerability that might have allowed unauthorized access for users to parse maliciously created web content and execute arbitrary code. With enhanced bounds checking, the developers appear to have found a solution. Apple stated that they are already aware of a report that claims the problem may have been intentionally exploited.

Several older Apple devices, including the iPhone 5S, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3, and iPod Touch, are compatible with the 275 MB update published to fix the vulnerability.

12.5.6, build 16H71, is the most recent version of the software. It appears to close the security flaw that the business recently fixed in the iOS 15.6.1 release, listed as CVE-2022-32893. 

After fixing two bugs in iOS 15.6.1, iPadOS 15.6.1, macOS 12.5.1, and Safari 15.6.1 as part of updates released on August 18, 2022, the iPhone manufacturer has released a new round of patches. 

The Cybersecurity and Infrastructure Security Agency (CISA), which discovered the significant bug and gave it a CVSS rating of 8.8, also identified it and published a warning about it last month.

Although specifics about the assaults' nature are unknown, Apple confirmed in a boilerplate statement that it was aware that this problem may have been actively exploited.

On September 7, Apple will also unveil the iPhone 14 series and iOS 16. Unfortunately, iOS 16 will not be made available to users of iPhone 8. Furthermore, older iOS device owners are urged to update as soon as possible to reduce security risks.

Lazarus Attacks Apple's M1 Chip, Lures Victims Via Fake Job Offers


New Attack by Lazarus

Advanced Persistent Threat (APT) Lazarus linked to North Korea is increasing its attack base with current operation In(ter)caption campaign, which targets Macs with M1 chip of Apple. The state-sponsored group continues to launch phishing attacks under the disguise of fake job opportunities. 

Threat experts at ESET (endpoint detection provider) alerted this week that they found a Mac executable disguised as a job details for an engineering manager position at the famous cryptocurrency exchange operator Coinbase. ESET's warning on twitter says that Lazarus posted the fake job offer to Virus total from Brazil. 

Operation In(ter)ception 

"The ongoing campaign and others from North Korea remain frustrating for government officials. The FBI blamed Lazarus for stealing $625 million in cryptocurrency from Ronin Network, which operates a blockchain platform for the popular NFT game Axie Infinity," reports DarkReading

Lazarus made the latest rebuild of the malware, Interception.dll, to deploy on Macs via loading three files- FinderFontsUpdater.app and safarifontsagent, fake Coinbase job offers and two executables. The binary can exploit Macs packed with Intel processors and with Apple's new M1 chipset. 

ESET experts began researching Operation In(ter)ception around three years back when the experts found attacks against military and aerospace companies. 

They observed that the operation's main goal was surveillance, but it also found incidents of the threat actors using a target's email account through a business email compromise (BEC) to finalize the operation. 

The interception.dll malware posts fake job offers to bait innocent victims, usually via LinkedIn. The Mac attack is the most recent one in a continuing aggressive front by Lazarus group to promote operation In(ter)ception, which has aggravated recently. ESET released a detailed white paper on the technique incorporated by Lazarus in 2020. 

It's an irony that the fake Coinbase job posting targets technically oriented people. The experts think that the threat actors were in direct contact, which means the victim was prompted to open whatever pop-up windows showed up on the screen to see the "dream job" offer from Coinbase. 

Apple revoked the certificate that would enable the malware to execute late last week after ESET alerted the company of the campaign. So now, computers with macOS Catalina v10.15 or later are protected, presuming the user has basic security awareness, saysPeter Kalnai, a senior malware researcher for ESET.


Apple Came With Lockdown Mode, a New Security Feature

On Wednesday, Apple shared details of a new, advanced version of the security option named Lockdown Mode for Apple device users who may face sophisticated cybersecurity threats. 

According to the technical details of the new security update, users can avail this Lockdown Mode this fall with iOS 16, iPadOS 16, and macOS Ventura. This extreme version of security feature is designed for a few users such as government officials, journalists, and activists, who are easy prey of NSO Group or other private state-sponsored mercenary spyware. 

Ivan Krstić, Apple's head of security engineering and architecture, called Lockdown Mode "a groundbreaking capability". "While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks." 

Lockdown Mode includes the following protection features:

• Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode. 

• Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled. 

• Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request. 

• Wired connections with a computer or accessory are blocked when iPhone is locked. 

• Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on. 

Following the updates, Lori McGlinchey, the Ford Foundation’s director of its Technology and Society program, said, “The global spyware trade targets human rights defenders, journalists, and dissidents; it facilitates violence, reinforces authoritarianism, and supports political repression...” 

“…The Ford Foundation is proud to support this great initiative to bolster civil society research and advocacy to resist mercenary spyware. We must build on Apple’s commitment, and we invite companies and donors to join the Dignity and Justice Fund and bring additional resources to this collective fight.”

Google: 5-year-old Apple Flaw Exploited

 

Google Project Zero researchers have revealed insights into a vulnerability in Apple Safari that has been extensively exploited in the wild. The vulnerability, known as CVE-2022-22620, was first patched in 2013, but experts identified a technique to overcome it in 2016. 

Apple has updated a zero-day vulnerability in the WebKit that affects iOS, iPadOS, macOS, and Safari and could have been extensively exploited in the wild, according to CVE org. 

In February, Apple patched the zero-day vulnerability; it's a use-after-free flaw that may be accessed by processing maliciously generated web content, spoofing credentials, and resulting in arbitrary code execution ."When the issue was first discovered in 2013, the version was patched entirely," Google Project Zero's Maddie Stone stated. "Three years later, amid substantial restructuring efforts, the variant was reintroduced. The vulnerability remained active for another five years before being addressed as an in-the-wild zero-day in January 2022." 

While the flaws in the History of API bug from 2013 and 2022 are fundamentally the same, the routes to triggering the vulnerability are different. The zero-day issue was then reborn as a "zombie" by further code updates made years later. 

An anonymous researcher discovered the flaw, and the corporation fixed it with better memory management. Maddie Stone examined the software's evolution over time, beginning with the code of Apple's fix and the security bulletin's description of the vulnerability, which stated that the flaw is a use-after-free flaw. 

“As an offensive security research team, we can make assumptions about the main issues that current software development teams face: Legacy code, short reviewer turn-around expectations, under-appreciation and under-rewarding of refactoring and security efforts, and a lack of memory safety mitigations” the report stated. 

"In October, 40 files were modified, with 900 additions and 1225 removals. The December commit modified 95 files, resulting in 1336 additions and 1325 removals," Stone highlighted. 

Stone further underlined the need of spending appropriate time to audit code and patches to minimize instances of duplication of fixes and to understand the security implications of the modifications being made, citing that the incident is not unique to Safari.

Apple Launches Passkey Feature For Password-less Verification

At WWDC 2022, Apple previewed and announced iPad OS 16, iOS 16, macOS 13, new MacBook Air and Pro, watchOS 9, new M2 chips, and other latest gadgets. With the improved functional features and new gadgets that have been added to these solutions, the aim is to strengthen user privacy and security. In May 2022, Google, Microsoft, and Apple announced to widen assistance for a common password-less sign-in standard developed by the FIDO Alliance, and the World Wide Web Consortium. 

According to the FIDO alliance, these companies’ platforms already support FIDO Alliance standards to enable passwordless sign-in on billions of industry-leading devices, but previous implementations require users to sign in to each website or app with each device before they can use password-less functionality. The widened assistance means that users can automatically get their FIDO login credentials also known as "passkey" for their old and new devices without the need to re sign-up for every account. 

Besides this, the users can also use FIDO verification on their smartphones to log in to applications, websites, or any nearby devices. With Apple's new operating systems and tech, the extended support when practiced will lead to secure browsing in Safari and macOS Ventura, iOS and iPad 16, with passwords. Apple says passkeys are unique digital keys that stay on the device and are never stored on a web server, so hackers can’t leak them or trick users into sharing them. 

Made to replace the need for passwords, passkeys work using Face ID, Touch ID for biometric authentication, and iCloud Keychain to sync with iPad, iphone, Mac, and Apple TV via end-to-end encryption. Apple says "[Safety Check] includes an emergency reset that helps users easily sign out of iCloud on all their other devices, reset privacy permissions, and limit messaging to just the device in their hand. It also helps users understand and manage which people and apps they’ve given access to."

Apple Blocks Millions of Apps and Restricts User Accounts

In 2021, Apple prevented more than 3.3 Million stolen credit cards from making transactions in the Apple App store, and blocked around 600,000 accounts from making transactions again. The company also mentioned that in 2021 it restricted more than 1.6 Million harmful and malicious applications and application updates from the app store. These risky apps either contained vulnerabilities that affected functioning, or restricted upgrades. 

The numbers, according to Apple, comprised over 8,35,000 problematic new applications, out of which more than 34,000 apps contained undocumented or hidden features; 1,57,000 were mentioned as spam, misleading, or copycat apps; and more than 3,40,000 apps were violating privacy. Besides this, more than 805,000 applications were restricted or blocked from the Apple store, as per the company's App Review Process. The measures meanwhile helped over 107,000 new developers launch applications in the App Store, Apple also blocked over 802,000 fake developer accounts and protected 153,000 developer applications related to scam concerns. 

In accordance with Apple's Developer Code of Conduct, developers have to be correct and truthful when showing themselves and their applications on the App Store. The code emphasizes that app developers will be removed from the Developer Program for engaging in malicious or harmful behaviour repeatedly. Customer accounts were also blocked for participating in scams and manipulating activities: amounting to 170 Million accounts. 

Besides this, more than 118 million account sign-up attempts were rejected due to suspicious potential fraud and manipulative activities. "Apple also says it took action against fraudulent ratings and reviews in the App Store. Out of over 1 billion such entries processed in 2021, more than 94 million reviews and 170 million ratings were blocked from being published. The company also removed an additional 610,000 reviews," reports the Security Week.

Synology Alerts Users of Severe Netatalk Bugs in Multiple Devices

Synology warned its customers that few of its network-attached storage (NAS) appliances are vulnerable to cyberattacks compromising various critical Netatalk vulnerabilities. Various vulnerabilities allow remote hackers to access critical information and may execute arbitrary code through a vulnerable variant of Synology Router Manager and DiskStation Manager (DSM). 

Netatalk is an Apple Filing Protocol (AFP) open-source platform that lets devices running on *NIX/*BSD work as AppleShare file servers (AFP) for Mac OS users for viewing files stored on Synology NAS devices. 

The development team of Netatalk fixed the patches in version 3.1.1, issued in March, following the Pwn2Own hacking competition in 2021. The vulnerabilities were first found and exploited in the competition. The EDG team of the NCC group exploited the vulnerability rated 9.8/10 severity score and tracked as CVE-2022-23121 to deploy remote code execution without verification on a Western Digital PR4100 NAS that runs on My Cloud OS firmware during the Pwn2Own competition. Synology mentioned three vulnerabilities in the latest warning- CVE-2022-23125, CVE-2022-23122, CVE-2022-0194, all three having high severity ratings. 

They are also letting malicious hackers deploy arbitrary codes on unfixed devices. The Netatalk development team released the security patches to resolve the issues in April, even then according to Synology, the releases for some affected devices are still in process. The NAS maker hasn't given any fixed timeline for future updates, according to Synology, it usually releases security patches for any impacted software within 90 days of publishing advisories. "

QNAP said the Netatalk vulnerabilities impact multiple QTS and QuTS hero operating system versions and QuTScloud, the company's cloud-optimized NAS operating system. Like Synology, QNAP has already released patches for one of the affected OS versions, with fixes already available for appliances running QTS 4.5.4.2012 build 20220419 and later," reports Bleeping Computers.

Google Announces Privacy Sandbox on Android to Restrict Sharing of User Data

 

Google announced on Wednesday that it will extend its Privacy Sandbox activities to Android in an effort to broaden its privacy-focused, but less disruptive, advertising technologies beyond the desktop web. To that aim, Google stated it will work on solutions that prohibit cross-app tracking, similar to Apple's App Tracking Transparency (ATT) framework, essentially restricting the exchange of user data with third parties as well as removing identifiers like advertising IDs from mobile devices. 

Anthony Chavez, vice president of product management for Android security and privacy, stated, "The Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path forward to improve user privacy without putting access to free content and services at risk." 

Google's Privacy Sandbox, which was announced in 2019, is a collection of technologies that will phase out third-party cookies and limit covert monitoring, such as fingerprinting, by reducing the number of information sites that can access to keep track of users online behavior. 

The Alphabet Inc. company, which makes the majority of its revenue from advertising, says it can safeguard phone users' data while still providing marketers and app developers with new technology to deliver targeted promotions and measure outcomes. According to Anthony Chavez, vice president of product management for Android Security & Privacy, the proposed tools for the Android mobile operating system would limit the app makers' ability to share a person's information with third parties and prohibit data monitoring across several apps. Google stated the tools would be available in beta by the end of 2022, followed by "scaled testing" in 2023. Chavez said in an interview that the best path forward is an approach “that improves user privacy and a healthy mobile app ecosystem. We need to build new technologies that provide user privacy by default while supporting these key advertising capabilities." 

Google is aiming to strike a balance between the financial needs of developers and marketers and the expanding demands of privacy-conscious consumers and regulators. The company is gathering feedback on the proposal, similar to how its Privacy Sandbox effort is gradually building a new online browsing privacy standard. Google's initial idea was met with derision from UK authorities and lawmakers, but the corporation has subsequently proposed serving adverts based on themes a web user is interested in that are erased and replaced every three weeks. 

Meta Platforms Inc., the parent company of Facebook, has been at odds with Apple over the company's App Monitoring Transparency tool, which allows iPhone users to turn off tracking across all of their apps. According to executives, Google's YouTube has taken a minor financial hit as a result of the technology. In other words, it makes it more difficult for marketers to verify whether their iPhone advertising was effective. 

According to Chavez, the Android Privacy Sandbox would enable tailored advertising based on recent "topics" of interest, and enable attribution reporting, which will tell marketers if their ad was effective.

Customers  Threatened by a Data Breach at Hong Kong's Harbour Plaza Hotel

 

Hong Kong's privacy authority is looking into a hack against the Harbour Plaza hotel company, which revealed more than 1.2 million visitors' booking information. The investigation's goal is to learn more about what kind of private details were compromised. Customers have been warned to keep an eye out for any strange activity in their accounts and to be aware of any unexpected emails, calls, or messages in the meantime. 

"The impacted data was the information of visitors who remained within these hotels," the PCPD tells ISMG. "As the investigations into the cyberattack are ongoing," the PCPD told ISMG, declining to specify the type of hack, the threat actor involved, or the data compromised. 

According to Harbour Plaza's statement, the Hong Kong Police was also notified along with certain other relevant authorities. The company has hired an undisclosed third-party cybersecurity forensics agency to investigate and control the problem, as well as improve its security perimeter in the future. 

According to the company's FAQs about the data leak, those who are affected will be alerted. Customers should be "extra cautious against scamming or other attempted schemes," according to the hotel firm, which says "lodging reservation databases" were impacted. It indicates possible information such as a customer's name, email address, phone number, reservation, and stay details may have been hacked. 

Inquiry into the data leak at online retailer HKTVmall 

Separately, the PCPD is looking into a case involving HKTVmall, a well-known shopping and entertainment platform run by Hong Kong Technology Venture Co. Ltd. 

The security breach has endangered the personal details of a "small fraction" of HKTV Co. Ltd.'s 4.38 million registered customers, according to a statement made on Feb. 4. According to the notice, the connected server was in an "other Asian" country. 

According to the company, it promptly notified the Hong Kong Police or the PCPD, and hired two cybercrime firms on January 27 "to conduct an investigation and further enhance HKTVmall's server security measures." 

Customer data that may have been obtained by an unauthorized person, according to HKTVmall, includes:

  • Account names which have been registered.
  • Login passwords which are encrypted and masked.
  • Email addresses which have been registered and that can be contacted. 
  • Names of recipients, shipping addresses, and contact numbers for orders placed between December 2014 and September 2018.
  • Clients who have connected their HKTVmall account to a Facebook account or an Apple ID have the date of birth, official name, and email accounts for Facebook accounts and Apple IDs.

An Israeli Spy Agency, QuaDream, Hacks Devices 

 

According to Reuters, an Apple software loop exploited by Israeli spy firm NSO Group to hack access iPhones in 2021 was also targeted by a competitor at the same time. 

The two companies QuaDream got the capacity to remotely hack into iPhones, compromising the smartphones without the user clicking on a malicious link. The fact the two firms employed the same advanced 'zero-click' hacking technique suggests that cellphones are more prone to digital espionage than the industry admits. 

The two organizations utilized ForcedEntry software exploits to steal iPhones. In the context, it's worth noting that an exploit is a piece of computer code that takes advantage of a set of unique software flaws to provide a hacker unauthorized access to data. 

"People want to feel they're safe, and telecommunications companies want the user to assume they're safe," stated Dave Aitel, a cybersecurity partner at Cordyceps Systems. 

Some notable Israelis have been attacked with Pegasus, according to a recent revelation from the Israeli publication Calcalist, including a son of former Prime Minister Benjamin Netanyahu. "CEOs of government ministries, news reporters, tycoons, corporate executives, mayors, social activists, and even the Prime Minister's relatives were all police targets," according to Calcalist. "Phones were hacked by NSO's spyware prior to any research even opening and without any judicial authorization." 

Some of QuaDream's clients overlapped with NSO Group's  implying that the buyers utilized Pegasus and REIGN for surveillance, specifically targeting political opponents. Surprisingly, the two cyberweapon's techniques were so identical when Apple patched the security weakness, it didn't make a difference. 

Spyware firms have long claimed to sell high-powered technologies to assist governments in combating national security threats. Human rights organizations and journalists, on the other hand, have reported the use of spyware to harm civil society, discredit political opposition, and sabotage elections on numerous occasions. 

Pegasus was also recently discovered on the devices of Finland's diplomatic corps working outside the nation, according to Finnish officials, as well as of a wide-ranging espionage campaign. Pegasus was allegedly installed on the iPhones of at least nine US State Department workers.

New Safari Vulnerability Could have given Attackers Access to Your Mac Webcam

 

Apple has awarded a cybersecurity student $100,500 (roughly Rs 75,54,000) in bounty rewards for finding a bug in Apple’s macOS, which enabled malicious actors to access the victims’ logged-in online accounts and even get into their webcams. 

Ryan Pickren, reported the flaw to Apple last summer, and was patched earlier this month. Pickren is no stranger to Apple bugs, as he uncovered an iPhone and Mac camera vulnerability earlier in April 2020. Now, he has exposed another Mac webcam bug that allows attackers to breach into the device and access sensitive user information. 

According to a report by AppleInsider, this Apple Mac webcam bug was related to a series of issues with iCloud and Safari browser. 

The vulnerability grants the hacker "full access to every website you've visited in Safari, meaning that if you're visiting my evil website on one tab, and then your other tab, you have Twitter open, I can jump into that tab and do everything you can from that screen. So, it does allow me to fully perform an account takeover on every website you visited in Safari," Pickren explained in a blog post. 

According to Pickren, it all began with exploiting the Safari browser (Safari v15 when he attempted this) and gaining access to the webarchive files. Webarchives are local storage for the Safari browser where it saves local copies of websites to open them faster. This wouldn’t be a problem, were it not for the simple fact that the downloaded files could later be altered by the author. So, a victim could download an innocent .PNG file, only to have it transform into a malicious webarchive file. 

“In essence, the victim has given the attacker permission to plant a polymorphic file onto their machine and the permission to remotely launch it at any moment. Yikes. Agreed to view my PNG file yesterday? Well, today it's an executable binary that will be automatically launched whenever I want,” Picker explained in a further blog post.

To open the webarchive file, Pickren further explains, he needed to bypass the Gatekeeper restriction, which turned out to be relatively simple. He used a fileloc to point to a local app (a technique known as Arbitrary File Execution) which was a great example of how even with macOS Gatekeeper enabled, an attacker could trick approved apps into performing malicious tasks 

Typically, researchers disclose the exploits after the company has fixed the issue, which explains why Pickren is posting about this now. The reason is to ensure that the flaw is patched before attackers can start exploiting it.