#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Apple | Breaking Cybersecurity News | The Hacker News

Pangu Hackers have Jailbroken iOS 12 on Apple's New iPhone XS

Pangu Hackers have Jailbroken iOS 12 on Apple's New iPhone XS
Sep 27, 2018
Bad news for Apple. The Chinese hacking team Pangu is back and has once again surprised everyone with a jailbreak for iOS 12 running on the brand-new iPhone XS. Well, that was really fast. Pangu jailbreak team has been quiet for a while, since it last released the untethered jailbreak tool for iOS 9 back in October 2015. Jailbreaking is a process of removing limitations on Apple's iOS devices so users can install third-party software not certified by Apple. Today, Android and iOS security researcher Min(Spark) Zheng shared a Tweet with two screenshots showing a working jailbreak on Apple's newly released iPhone XS with A12 Bionic chip achieved by one of the Pangu researchers. The Tweet also revealed that the iOS 12 jailbreak works by bypassing a functional PAC (Pointer authentication codes) mitigation implemented in the new Apple's A12 Bionic chip. Moreover, since the hardware of iPhone XS is very much identical to iPhone XS Max, the new iOS 12 jailbreak expl

Apple Transfers Chinese Users' iCloud Data to State-Controlled Data Centers

Apple Transfers Chinese Users' iCloud Data to State-Controlled Data Centers
Jul 18, 2018
There's terrible news for Apple users in China. Apple's Chinese data center partner has transferred iCloud data, belonging to 130 million China-based users, to a cloud storage service managed by a state-owned mobile telecom provider—raising concerns about privacy. Back in February this year, Apple moved the encryption keys and data of its Chinese iCloud users from its US servers to local servers on Chinese soil to comply with the new regulation of the Chinese government , despite concerns from human rights activists. For this Apple controversially signed a deal with Guizhou-Cloud Big Data (GCBD), a Chinese company who gained operation control over Apple's iCloud business in China earlier this year. Now, that sensitive data, which includes users' emails, text messages, pictures, and the encryption keys that protect it, has been passed on to Tianyi cloud storage service, a business venture managed by government-owned mobile operator China Telecom. In case you ar

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

All New Privacy and Security Features Coming in macOS 10.14 Mojave

All New Privacy and Security Features Coming in macOS 10.14 Mojave
Jun 05, 2018
At Worldwide Developer Conference 2018 on Monday, Apple announced the next version of its macOS operating system, and it's called Mojave . Besides introducing new features and improvements of macOS 10.14 Mojave—like Dark Mode, Group FaceTime, Dynamic Desktop, and Finder—at WWDC, Apple also revealed a bunch of new security and privacy features coming with the next major macOS update. Apple CEO Tim Cook said the new features included in Mojave are "inspired by pro users, but designed for everyone," helping you protect from various security threats. Here's a list of all macOS Mojave security and privacy features: Safari's Enhanced "Intelligent Tracking Prevention" It's no longer shocking that your online privacy is being invaded, and everything you search online is being tracked—thanks to third-party trackers present on the Internet in the form of social media like and sharing buttons that marketers and data brokers use to monitor web use

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Russia asks Apple to remove Telegram Messenger from the App Store

Russia asks Apple to remove Telegram Messenger from the App Store
May 30, 2018
Russia's communications regulator Roskomnadzor has threatened Apple to face the consequences if the company does not remove secure messaging app Telegram from its App Store. Back in April, the Russian government banned Telegram in the country for the company's refusal to hand over private encryption keys to Russian state security services to access messages sent using the secure service. However, so far, the Telegram app is still available in the Russian version of Apple's App Store. So in an effort to entirely ban Telegram, state watchdog Roskomnadzor reportedly sent a legally binding letter to Apple asking it to remove the app from its Russian App Store and block it from sending push notifications to local users who have already downloaded the app. Roskomnadzor's director Alexander Zharov said he is giving the company one month to remove the Telegram app from its App Store before the regulator enforces punishment for violations. For those unfamiliar with

Here's How to Download All the Data Apple Collects About You

Here's How to Download All the Data Apple Collects About You
May 24, 2018
Apple is making it easier for its users to download their data the company has collected about them so far. On Wednesday, Apple just launched a new Data and Privacy website that allows you to download everything that the company knows about you, from Apple ID info, device info, App Store activity, AppleCare history, your online shopping habits to all of your data stored in its iCloud. A similar feature was recently offered by Facebook, enabling its users to download all of their data , not only what they have posted, but also information like facial recognition and location data, following the Cambridge Analytica scandal . Apple has currently made this feature only available for people having accounts in European Union (along with Iceland, Liechtenstein, Norway and Switzerland), to comply with the General Data Protection Regulation (GDPR) act, which goes into effect on May 25. However, Apple is planning to roll out this feature worldwide in the coming months. "We inten

EU Antitrust Regulators Fine Qualcomm $1.2 Billion Over Apple Deal

EU Antitrust Regulators Fine Qualcomm $1.2 Billion Over Apple Deal
Jan 25, 2018
The antitrust fine has hit Qualcomm badly. The European Commission has levied a fine of €997 Million, approximately $1.2 Billion, against U.S. chipmaker Qualcomm Inc. for violating antitrust laws in a series of deals with Apple by "abusing its market dominance in LTE baseband chipsets." According to the European Union (EU), Qualcomm paid Apple billions of dollars to make the iPhone-maker exclusively use its 4G chips in all its iPhones and iPads, reducing competition from other competing manufacturers in the LTE baseband chip industry like Intel. The European Commission launched an investigation in 2015, which revealed that Qualcomm abused its market dominance in LTE baseband chipsets and struck a deal with Apple in 2011, which meant the iPhone maker would have to repay Qualcomm if it decided to use a rival's chipsets until the end of 2016, hurting innovation in the chip sector. "This meant that no rival could effectively challenge Qualcomm in this market,

Google Researcher Releases iOS Exploit—Could Enable iOS 11 Jailbreak

Google Researcher Releases iOS Exploit—Could Enable iOS 11 Jailbreak
Dec 12, 2017
As promised last week , Google's Project Zero researcher Ian Beer now publicly disclosed an exploit that works on almost all 64-bit Apple devices running iOS 11.1.2 or earlier, which can be used to build an iOS jailbreak, allowing users to run apps from non-Apple sources. On Monday morning, Beer shared the details on the exploit, dubbed "tfp0," which leveraged double-free memory corruption vulnerabilities in the kernel, the core of the operating system. Here, " tfp0 " stands for " task for pid 0 " or the kernel task port—which gives users full control over the core of the operating system. The Project Zero researcher responsibly reported these vulnerabilities to Apple in October, which were patched by the company with the release of iOS 11.2 on 2nd December. While Beer says he has successfully tested his proof of concept exploit on the iPhone 6s and 7, and iPod Touch 6G, he believes that his exploit should work on all 64-bit Apple devices.

macOS High Sierra Bug Lets Anyone Gain Root Access Without a Password

macOS High Sierra Bug Lets Anyone Gain Root Access Without a Password
Nov 29, 2017
If you own a Mac computer and run the latest version of Apple's operating system, macOS High Sierra, then you need to be extra careful with your computer. A serious, yet stupid vulnerability has been discovered in macOS High Sierra that allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk. Discovered by developer Lemi Orhan Ergin on Tuesday, the vulnerability only requires anyone with physical access to the target macOS machine to enter "root" into the username field, leave the password blank, and hit the Enter a few times—and Voila! In simple words, the flaw allows an unauthorized user that gets physical access on a target computer to immediately gain the highest level of access to the computer, known as "root," without actually typing any password. Needless to say, this blindingly easy Mac exploit really scary stuff. This vulner

Judge: FBI Doesn't Have to Reveal How It Unlocked iPhone Used by San Bernardino Terrorist

Judge: FBI Doesn't Have to Reveal How It Unlocked iPhone Used by San Bernardino Terrorist
Oct 02, 2017
Remember the infamous encryption fight between the FBI and Apple for unlocking an iPhone belonging to terrorist Syed Farook behind the San Bernardino 2015 mass shooting that killed 14 people? The same Apple vs. FBI case where Apple refused to help feds access data on the locked iPhone and, later the Federal Bureau of Investigation reportedly paid over a million dollars to a vendor for unlocking the shooter's iPhone. For keeping the iPhone hack secret, three news organizations—The Associated Press, USA Today, and Vice Media—sued the FBI last year under the Freedom of Information Act (FOIA) and forced the agency to reveal the name of the company and the amount it was paid to unlock the iPhone . However, unfortunately, they failed. A US federal judge ruled Saturday that the FBI does not have to disclose the name of or how much it paid a private company for an  iPhone hacking tool that unlocked Farook's iPhone. Apple vs. FBI was one of the biggest legal battles in

Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack

Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack
Sep 27, 2017
You have now another good reason to update your iPhone to newly released iOS 11—a security vulnerability in iOS 10 and earlier now has a working exploit publicly available. Gal Beniamini, a security researcher with Google Project Zero, has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other devices that use Broadcom Wi-Fi chips and is hell easy to exploit. This flaw is similar to the one Beniamini discovered in the Broadcom WiFi SoC (Software-on-Chip) back in April, and BroadPwn vulnerability disclosed by an Exodus Intelligence researcher Nitay Artenstein, earlier this summer. All flaws allow a remote takeover of smartphones over local Wi-Fi networks. The newly discovered vulnerability, which Apple fixed with its major iOS update released on September 19, could allow hackers to take control over the victim's iPhone remotely. All they need is the iPhone's MAC address or network-port ID. And since obtaining the MAC address of a connec

Apple removes VPN Apps from the China App Store

Apple removes VPN Apps from the China App Store
Jul 29, 2017
In order to comply with Chinese censorship law , Apple has started removing all virtual private network (VPN) apps from the App Store in China, making it harder for internet users to bypass its Great Firewall. VPN service providers that provide services in China has accused the United States tech giant of complying with Chinese stringent cyberspace regulations. In a blog post , the developers of ExpressVPN reported that Apple informed them that their VPN app had been pulled from the company's Chinese App Store, and it seems all major VPN clients have received the same notice from Apple. China has strict Internet censorship laws through the Great Firewall of China – the country's Golden Shield project that employs a variety of tricks to censor Internet and block access to major foreign websites in the country. The Great Firewall is already blocking some 171 out of the world's 1,000 top websites, including Google, Facebook, Twitter, Dropbox, Tumblr, and The Pirate

Scammers Are Using Fake Apple In-App Subscriptions to Make Lot of Money

Scammers Are Using Fake Apple In-App Subscriptions to Make Lot of Money
Jun 13, 2017
In this year's annual event, Apple announced that the company had paid out $70 Billion to developers in the App Store's lifetime and that $21 Billion of the amount was paid in the last year alone. But has all this money gone to the legitimate app developers? Probably not, as app developer Johnny Lin last week analyzed the Apple's App Store and discovered that most of the trending apps on the app store are completely fake and are earning their makers hundreds of thousands of dollars through in-app purchases and subscriptions. Scammers Use 'Search Ads' Platform to Boost App Ranking Shady developers are abusing Apple's relatively new and immature App Store Search Ads, which was launched at last year's Worldwide Developers Conference (WWDC), to promote their app in the store by using a few strategically chosen search ads and a bit of SEO. "They're taking advantage of the fact that there's no filtering or approval process for ads, and

22 Apple Distributors Arrested for Selling Customers' Data in $7.4 Million

22 Apple Distributors Arrested for Selling Customers’ Data in $7.4 Million
Jun 08, 2017
Image Source: South China Morning Post Chinese authorities have announced the arrest of around 22 distributors working as Apple distributors as part of a $7 million operation, who stole customers' personal information from an internal Apple database and illegally sold it to Chinese black market vendors. According to a report from Chinese media , this underground network reportedly consisted of employees working in direct Apple suppliers, and other outsource firms in the Zhejiang, a province in eastern China. These employees had access to Apple databases along with other tools containing sensitive information about its customers. They allegedly used their company's internal computer system to gather data includes usernames, email addresses, phone numbers, and Apple IDs, and then sold it in the underground market for between 10 yuan ($1.47) and 80 yuan ($11.78) per data point. So far, the network has made a total of 50 million yuan (around $7.36 million). However, it is

Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi

Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi
Apr 04, 2017
Note:  We have published a follow-up article with more technical details about this vulnerability which resides in Broadcom WiFi SoC equipped not only in Apple devices, but also in Android devices from various manufacturers. Less than a week after Apple released iOS 10.3 with over 100 bug fixes and security enhancements; the company has just pushed an emergency patch update – iOS 10.3.1 – to addresses a few critical vulnerabilities, one of which could allow hackers to "execute arbitrary code on the Wi-Fi chip." The vulnerability, identified as CVE-2017-6975, was discovered by Google's Project Zero staffer Gal Beniamini, who noted on Twitter that more information about the flaw would be provided tomorrow. Apple also did not provide any technical details on the flaw, but urged Apple iPhone, iPad and iPod Touch users to update their devices as soon a possible. In the security note accompanying iOS 10.3.1, Apple describes the issue as a stack buffer overflow vuln

7 Things That Happened After WikiLeaks Dumped The CIA Hacking Files

7 Things That Happened After WikiLeaks Dumped The CIA Hacking Files
Mar 10, 2017
This week WikiLeaks published "Vault 7" — a roughly 8,761 documents and files claiming to detail surveillance tools and tactics of the Central Intelligence Agency (CIA). The leak outlined a broad range of flaws in smartphones and other devices that the agency uses to intercept communications and spy on its targets, making even China and Germany worried about the CIA's ability to hack all manner of devices. While WikiLeaks promised the "Vault 7" release is less than one percent of its 'Year Zero' disclosure, and there's more to come, we are here with some new developments on the CIA leak. But, before knowing about the latest developments in the CIA hacking tool leak, I would suggest you read my previous piece to know 10 important things about 'WikiLeaks-CIA Leak .' We believe the US intelligence agencies have access to much bigger technical resources and cyber capabilities than the leak exposed in the leak. The dump so far just

How A Bug Hunter Forced Apple to Completely Remove A Newly Launched Feature

How A Bug Hunter Forced Apple to Completely Remove A Newly Launched Feature
Jan 20, 2017
Recently Apple released a new Feature for iPhone and iPad users, but it was so buggy that the company had no option other than rolling back the feature completely. In November, Apple introduced a new App Store feature, dubbed " Notify " button — a bright orange button that users can click if they want to be alerted via iCloud Mail when any game or app becomes available on the App Store. Vulnerability Lab's Benjamin Kunz Mejri discovered multiple vulnerabilities in iTunes's Notify feature and iCloud mail, which could allow an attacker to infect other Apple users with malware. "Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent redirect to external sources and persistent manipulation of affected or connected service module context," Mejri wrote in an advisory published Monday. Here's How the Attack Works? The attack involves exploitation of three vulnerabilities via iTunes and th

Russia Wants Apple to Unlock iPhone belonging to Killer of Russian Ambassador

Russia Wants Apple to Unlock iPhone belonging to Killer of Russian Ambassador
Dec 22, 2016
You might have also seen a viral video of the assassination of the Russian ambassador to Turkey that quickly spread through the Internet worldwide. Russian Ambassador Andrei Karlov was shot dead by an off-duty police officer in Ankara on December 19 when the ambassador was giving a speech at an art gallery. The shooter managed to pretend himself as his official bodyguard and later shot to death by Turkish special forces. After this shocking incident, Apple has been asked to help unlock an iPhone 4S recovered from the shooter, which could again spark up battle similar to the one between Apple and the FBI earlier this year. Turkish and Russian authorities have asked Apple to help them bypass the PIN code on an iPhone 4S, which, the authorities believe, could assist them to investigate killer's links to various terrorist organizations. Apple is expected to refuse the request, but according to MacReports and other local media, the Russian government is reportedly sending

iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off

iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off
Nov 18, 2016
In the fight against encryption , Apple has positioned itself as a staunch defender of its user privacy by refusing the federal officials to provide encryption backdoors into its products, as well as implementing better encryption for its products. However, a new report from a security firm suggests Apple's online syncing service iCloud secretly stores logs of its users' private information for as long as four months — even when iCloud backup is switched off. Russian digital forensics firm Elcomsoft discovered that Apple's mobile devices automatically send its users' call history to the company's servers if iCloud is enabled, and stored that data for up to four months. And it turns out that there is no way for iCloud users to stop this phone call syncing service unless they completely disable the cloud synchronization feature. Elcomsoft, which sells software to extract data from Apple's iCloud backups and works with police and intelligence agencies,
Cybersecurity Resources