The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: iPhone

Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware

Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware

July 07, 2022Ravie Lakshmanan
Apple on Wednesday announced it plans to introduce an enhanced security setting called  Lockdown Mode  in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks." The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies developing state-sponsored surveillanceware such as  Pegasus ,  DevilsTongue ,  Predator , and  Hermit . Lockdown Mode, when enabled, "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple  said  in a statement. This includes blocking most message attachment types other than images and disabling link previews in Messages; rendering inoperative just-in-time ( JIT ) JavaScript compilation; removing support for shared albums in Photos; a
Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

June 24, 2022Ravie Lakshmanan
A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in  Google Play Protect  — Android's built-in malware defense service — to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Analysis Group (TAG)  said  in a Thursday report. Hermit, the work of an Italian vendor named RCS Lab, was  documented  by Lookout last week, calling out its modular feature-set and its abilities to harvest sensitive information such as call logs, contacts, photos, precise location, and SMS messages. Once the threat has thoroughly insinuated itself into a device, it's also equipped to record audio and make and redirect phone calls, besides abusing its permissions to accessibility services on Android to keep tabs on various foreground apps used by the victims. Its modularity also enab
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

June 10, 2022Ravie Lakshmanan
A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals). The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a "unique physical-layer fingerprint." "To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals," the researchers  said  in a  new paper   titled  "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices." The  attack  is made possible due to the ubiquitous nature of Bluetooth Low Energy (BLE) beacons that are continuously transmitted by modern devices to enable crucial functions such as  contact tracing  during public health emergencies. The hardwa
Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw

Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw

February 10, 2022Ravie Lakshmanan
Apple on Thursday released security updates for  iOS, iPadOS ,  macOS , and  Safari  to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and could be exploited by a piece of specially crafted web content to gain arbitrary code execution.  "Apple is aware of a report that this issue may have been actively exploited," the company said in a terse statement acknowledging in-the-wild attacks leveraging the flaw. The iPhone maker credited an anonymous researcher for discovering and reporting the flaw, adding it remediated the issue with improved memory management. The updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th
Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

January 12, 2022Ravie Lakshmanan
Apple on Wednesday rolled out software updates for iOS and iPadOS to remediate a persistent  denial-of-service (DoS) issue  affecting the HomeKit smart home framework that could be potentially exploited to launch ransomware-like attacks targeting the devices. The iPhone maker, in its  release notes  for iOS and iPadOS 15.2.1, termed it as a "resource exhaustion issue" that could be triggered when processing a maliciously crafted HomeKit accessory name, adding it addressed the bug with improved validation. The so-called "doorLock" vulnerability, tracked as CVE-2022-22588, affects HomeKit, the software API for connecting smart home devices to iOS applications. Should it be successfully exploited, iPhones and iPads can be sent into a crash spiral simply by changing the name of a HomeKit device to a string larger than 500,000 characters and tricking the target into accepting a malicious Home invitation. Even worse, since HomeKit device names are backed up to iClou
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.