#1 Trusted Cybersecurity News Platform
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: iPhone

Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware

Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware

July 07, 2022Ravie Lakshmanan
Apple on Wednesday announced it plans to introduce an enhanced security setting called  Lockdown Mode  in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies developing state-sponsored surveillanceware such as  Pegasus ,  DevilsTongue ,  Predator , and  Hermit . Lockdown Mode, when enabled, "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple  said  in a statement. This includes blocking most message attachment types other than images and disabling link previews in Messages; rendering inoperative just-in-time ( JIT ) JavaScript compilation; removing support for shared albums in Photos; a
Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

June 24, 2022Ravie Lakshmanan
A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in  Google Play Protect  — Android's built-in malware defense service — to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Analysis Group (TAG)  said  in a Thursday report. Hermit, the work of an Italian vendor named RCS Lab, was  documented  by Lookout last week, calling out its modular feature-set and its abilities to harvest sensitive information such as call logs, contacts, photos, precise location, and SMS messages. Once the threat has thoroughly insinuated itself into a device, it's also equipped to record audio and make and redirect phone calls, besides abusing its permissions to accessibility services on Android to keep tabs on various foreground apps used by the victims. Its modularity also enab
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

June 10, 2022Ravie Lakshmanan
A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals). The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a "unique physical-layer fingerprint." "To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals," the researchers  said  in a  new paper   titled  "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices." The  attack  is made possible due to the ubiquitous nature of Bluetooth Low Energy (BLE) beacons that are continuously transmitted by modern devices to enable crucial functions such as  contact tracing  during public health emergencies. The hardwa
Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw

Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw

February 11, 2022Ravie Lakshmanan
Apple on Thursday released security updates for  iOS, iPadOS ,  macOS , and  Safari  to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and could be exploited by a piece of specially crafted web content to gain arbitrary code execution.  "Apple is aware of a report that this issue may have been actively exploited," the company said in a terse statement acknowledging in-the-wild attacks leveraging the flaw. The iPhone maker credited an anonymous researcher for discovering and reporting the flaw, adding it remediated the issue with improved memory management. The updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th
Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

January 13, 2022Ravie Lakshmanan
Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent  denial-of-service (DoS) issue  affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its  release notes  for iOS and iPadOS 15.2.1, termed it as a "resource exhaustion issue" that could be triggered when processing a maliciously crafted HomeKit accessory name, adding it addressed the bug with improved validation. The so-called "doorLock" vulnerability, tracked as CVE-2022-22588, affects HomeKit, the software API for connecting smart home devices to iOS applications. Should it be successfully exploited, iPhones and iPads can be sent into a crash spiral simply by changing the name of a HomeKit device to a string larger than 500,000 characters and tricking the target into accepting a malicious Home invitation. Even worse, since HomeKit device names are backed up to iClou
NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia

NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia

October 25, 2021Ravie Lakshmanan
The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching between June 2018 to June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto's Citizen Lab, which  publicized  the findings on Sunday, said the "targeting took place while he was reporting on Saudi Arabia, and writing a book about Saudi Crown Prince Mohammed bin Salman." The research institute did not attribute the infiltrations to a specific government. In a  statement  shared with Hubbard, the Israeli company denied its involvement in the hacks and dismissed the findings as "speculation," while noting that the journalist was not "a target of Pegasus by any of NSO's customers." To date, NSO Group is believed to have leveraged at least three different iOS exploits — namely an iMessage zero-click exploit in December 2019, a  KISMET  exploit targeting iOS 13
Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability

Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability

October 12, 2021Ravie Lakshmanan
Apple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year. The weakness, assigned the identifier  CVE-2021-30883 , concerns a memory corruption issue in the "IOMobileFrameBuffer" component that could allow an application to execute arbitrary code with kernel privileges. Crediting an anonymous researcher for reporting the vulnerability, Apple said it's "aware of a report that this issue may have been actively exploited." Technical specifics about the flaw and the nature of the attacks remain unavailable as yet, as is the identity of the threat actor, so as to allow a majority of the users to apply the patch and prevent other adversaries from weaponizing the vulnerability. The iPhone maker said it addressed the issue with improved memory handling. But soon after the advisory w
Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash

Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash

September 04, 2021Ravie Lakshmanan
Apple is temporarily hitting the pause button on its  controversial plans  to screen users' devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. "Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features," the iPhone maker  said  in a statement on its website. The announcement, however, doesn't make it clear as to the kind of inputs it would be gathering, the nature of changes it aims to devise, or how it intends to implement the system in a way that mitigates the privacy and security concerns that could arise once it's deployed. The changes were originally slated to go live with iOS 15 and macOS Monterey later this year, starting with the U.S. In
Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby

Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby

April 26, 2021Ravie Lakshmanan
New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger,"  said  a team of academics from the Technical University of Darmstadt, Germany. "All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device." AirDrop  is a proprietary ad hoc service present in Apple's iOS and macOS operating systems, allowing users to transfer files between devices by making use of close-range wireless communication. While this feature shows only receiver devices that are in users' contact lists by an authentication mechanism that compares an individual's phone number and email address with entrie
Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid

Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid

April 21, 2021Ravie Lakshmanan
Prominent Apple supplier Quanta on Wednesday said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web. In a post shared on its deep web "Happy Blog" portal, the threat actor said it came into possession of schematics of the U.S. company's products such as MacBooks and Apple Watch by infiltrating the network of the Taiwanese manufacturer, claiming it's making a ransom demand to Apple after Quanta expressed no interest in paying to recover the stolen blueprints. "Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands," the REvil operators said. "We recommend that Apple buy back the available data by May 1." Since first detected in June 2019,  REvil  (aka Sodinokibi or Sodin) has emerged as one of the most prolific ransomware-as-a-servic
Bug in Apple's Find My Feature Could've Exposed Users' Location Histories

Bug in Apple's Find My Feature Could've Exposed Users' Location Histories

March 05, 2021Ravie Lakshmanan
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby deanonymizing users. The  findings  are a consequence of an exhaustive review undertaken by the Open Wireless Link (OWL) project, a team of researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt, Germany, who have historically taken apart Apple's wireless ecosystem with the goal of identifying security and privacy issues. In response to the disclosures on July 2, 2020, Apple is said to have partially addressed the issues, stated the researchers, who used their own data for the study citing privacy implications of the analysis. How Find My Works? Apple devices come with a feature called  Find My  that makes it easy for users to locate other Apple devices, including
Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild

Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild

January 27, 2021Ravie Lakshmanan
Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. Reported by an anonymous researcher, the three  zero-day   flaws  — CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 — could have allowed an attacker to elevate privileges and achieve remote code execution. The iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them. While the privilege escalation bug in the kernel (CVE-2021-1782) was noted as a race condition that could cause a malicious application to elevate its privileges, the other two shortcomings — dubbed a "logic issue" — were discovered in the WebKit browser engine (CVE-2021-1870 and CVE-2021-1871), permitting an attacker to achieve arbitrary code execution inside Safari. Apple said the race condition and the WebKit flaws were addressed with improved locking and restrictions, resp
55 New Security Flaws Reported in Apple Software and Services

55 New Security Flaws Reported in Apple Software and Services

October 09, 2020Ravie Lakshmanan
A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity. The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to "fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources." The flaws meant a bad actor could easily hijack a user's iCloud account and steal all the photos, calendar information, videos, and documents, in addition to forwarding the same exploit to all of their contacts. The findings were  reported by Sam Curry  along with Brett Buerhaus, Ben Sadeghipo
With Its First Android app, Apple tried to Kill Android Community, But Failed Badly!

With Its First Android app, Apple tried to Kill Android Community, But Failed Badly!

September 19, 2015Khyati Jain
Are you a Die Hard Android Fan? If you are also one of those millions Android fans, for whom the brand has turned into an insane religious devotion, then Apple has something that could give you second thoughts. Apple is losing control, wants you to ditch your Android! Few days ago, Apple made its debut on Google Play Store with its First App, called " Move to iOS ", for Android Users. With its first ever Android app, Apple tried to kill Android Community and fans, But failed badly! Apple's new app works as an " Uncalled Assistance " in a manner where you have bought a new iPhone, iPad or iPod Touch and are confused about how to migrate data from your current Android device. Apple's ' Move to iOS ' app is designed to help Android users transfer their content quickly and safely from an Android device to an iOS device. The Apple App will help you in Migrating Data, like: Calendars Camera photos and videos Contacts Mail accounts Message history Web b
Photos Leaked! Here's Top Features Expected in Next iPhone Release

Photos Leaked! Here's Top Features Expected in Next iPhone Release

August 31, 2015Swati Khandelwal
Only 9 days are left for Apple's annual new iPhone launch event, where the company will bring its various new products but the obvious stars of the show will be the iPhone 6s and the iPhone 6s Plus . The company has not officially announced the iPhone 6S and iPhone 6S Plus yet, but a series of new, high-resolution photographs obtained by 9to5Mac show some new features coming to its next-generation iPhone. The new iPhones – likely called the iPhone 6S and 6S Plus – will be introduced at Apple's fall event on September 9. The leaked photos give us a closer look at two of the iPhone's key new features: Force Touch and a larger FaceTime camera. Here are the list of features the new iPhone 6S and iPhone 6S Plus include: Force Touch The new iPhone 6S would include Force Touch technology that Apple introduced with the Apple Watch, and haptic feedback. Here's how it works: When a user press slightly harder on the screen, sensors in the scre
Android Wear App for iPhone and iPad compatibility may Launch Soon

Android Wear App for iPhone and iPad compatibility may Launch Soon

March 04, 2015Mohit Kumar
As you may be aware, you need an Android smartphone to use an Android Wear smartwatch , but if you carry an Apple iPhone or iPad, you'll soon be able to use the same Android Wear smartwatch, without relying on unofficial third-party app support. Google is reportedly going to release its a new iOS app over to the App Store that will allow iPhone and iPad users to pair Android Wear devices such as Moto 360 and LG G Watch with their Apple products, French outlet 01net claimed . OFFICIAL ANDROID WEAR APP FOR iOS Google's new move to go cross-platform with an iOS app would expand support for the wearable platform beyond Android devices and target the potential market of tens of Millions of Apple users that may not be interested in purchasing an Apple Watch. As well as, with lower prices and strong design, a fair amount of Android Wear smartwatch demand would likely be there. The search engine giant is possibly planning to launch the Android Wear app for iOS at Google's annual develop
Is It Possible to Track Smartphone Location By Monitoring Battery Usage?

Is It Possible to Track Smartphone Location By Monitoring Battery Usage?

February 22, 2015Wang Wei
Data leaks through power consumption? Don't be surprised because security researchers have discovered a way to track your every move by looking at your Android smartphone's consumption of the battery power,even if you have GPS access unable. Researchers at Stanford University and Israeli Defense Research Group, Rafael, have developed a new technology, which they have dubbed " PowerSpy ", that have capability to gather the geolocation of Android phones by simply by measuring the battery usage of the phone over a certain time. TRACKING PERMISSION GRANTED BY-DEFAULT Unlike Wi-Fi and GPS access, the battery consumption data does not need the users' permission to be shared and is freely available to any downloaded and installed application. Therefore, this data can be used to track a phone with up to 90 percent accuracy. All an attacker would need to do is use an application — any application you download and installed onto your Android smartphone — to measu
Google Launches User-Friendly 'Inbox' App, Alternative To Gmail

Google Launches User-Friendly 'Inbox' App, Alternative To Gmail

October 24, 2014Swati Khandelwal
Google is offering its users a completely new and better experience of its mailing service. And in an effort to do this, the company has launched a new email service, an alternative to Gmail, called " Inbox " on Wednesday that aims to make email more useful and preview next-generation capabilities. Inbox will not replace Gmail, the company's popular 10-year-old email product, instead it will sit next to its Gmail service and will provide users' better organize their emails with live alerts for appointments, flight bookings and package deliveries in a more user-friendly way. "Years in the making, Inbox is by the same people who brought you Gmail, but it's not Gmail: it's a completely different type of inbox, designed to focus on what really matters," wrote Sundar Pichai, Google's senior vice president of Android , Chrome and apps, in a blog post . According to the company, the Inbox service was designed to deal with the problem of ge
Deals — IT Courses and Software

Sign up for our cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.