SecureMac, Inc.

Checklist 423: Less Consumer Protection and More OS Updates

May 16, 2025

CFPB scraps data broker rules as Apple rolls out major OS updates fixing 100+ security flaws—privacy is still up to you. Update now, stay safe.

Less Consumer Protection and More OS Updates

Checklist 423: Less Consumer Protection and More OS Updates

U.S. Data Protection Rollback: CFPB Kills Plan to Rein in Data Brokers

In a quiet but significant reversal, the Consumer Financial Protection Bureau (CFPB) has abandoned a proposed rule that would have limited the sale of Americans’ sensitive personal data by data brokers. The proposal—announced just last December—sought to require brokers to obtain consent before selling information like financial records, credit history, and even Social Security numbers. But under new leadership, the agency has withdrawn the plan, citing a reinterpretation of its regulatory authority.

CFPB U-Turn on Data Privacy

Originally introduced to combat what the CFPB called “commercial surveillance practices that threaten our personal safety and undermine America’s national security,” the rule titled Protecting Americans from Harmful Data Broker Practices has now been shelved. Acting director Russell Vought stated the proposal was being pulled “in light of updates to Bureau policies” and no longer aligns with the agency’s current interpretation of the Fair Credit Reporting Act (FCRA), which is undergoing internal revision.

Public Response Ignored

The move comes despite significant public interest—over 600 public comments were submitted earlier this year, with most expressing concern over the unchecked trade of personal data. As Wired reported, the rule didn’t even ban data sales outright; it simply aimed to enforce transparency and consent. Critics see the CFPB’s reversal as a troubling signal that the agency is backing away from its core mission of consumer protection.

“Data brokers weren’t even going to be barred… they just had to have permission,” one commentator noted, underscoring the modest nature of the original proposal.

A Billion-Dollar Black Box

Data brokers have long operated in a largely unregulated landscape. The industry, valued in the billions, trades in extensive, often invisible profiles on nearly every American. These dossiers can include:

  • Exact location history
  • Financial information
  • Political and religious affiliations
    Social Security numbers

The information is typically resold to marketers, insurers, and sometimes even law enforcement agencies—often without individuals’ knowledge or consent.

Wired quotes the Electronic Frontier Foundation’s Lena Cohen as describing the sector as “the wild west of unregulated surveillance.” Last year’s breach involving a data broker’s loss of approximately 2.7 billion records further highlighted the stakes. That incident exposed data possibly covering nearly every resident of Canada, the UK, and the U.S.

What Now? Self-Defense

With official oversight fading, personal vigilance remains the primary line of defense. The Checklist podcast reiterates several key strategies for safeguarding your information:

  • Monitor credit reports regularly and report any anomalies. Alert Equifax, Experian, and TransUnion promptly.
  • Consider a credit freeze to prevent unauthorized accounts from being opened in your name.
  • Use identity theft protection services, which can also help scrub personal data from public listings—though at a cost.
  • Adopt a password manager to create and store strong, unique passwords for each service.
  • Enable two-factor authentication, avoiding SMS when possible.
  • Stay alert for phishing attacks, especially as your data could be circulating in unknown hands.

The CFPB’s decision to halt its data broker rule represents a setback for digital privacy advocates and everyday consumers alike. While the Bureau offers no timeline for potential future action, the current message is clear: for now, Americans are largely on their own when it comes to protecting their personal data.

Apple Rolls Out Security-Heavy Updates Across All Platforms

Apple has released a broad slate of operating system updates this week, with a strong emphasis on privacy and security. The updates cover iPhones, iPads, Macs, Apple Watches, Apple TVs, and even the Vision Pro headset. While the new feature set may seem modest, the security enhancements are significant—with dozens of vulnerabilities patched across the Apple ecosystem.

iOS & iPadOS 18.5: Privacy-Forward Features and a Historic First

Release Highlights:

  • Buy with iPhone expands to Apple TV on third-party devices, reducing the number of platforms storing user payment data.
  • Satellite support now covers the entire iPhone 13 line, enhancing emergency communication for users off the grid.
  • Parental notifications for Screen Time passcode entries add a layer of child safety oversight.
  • 31 security fixes, including the first-ever patch for Apple’s C1 modem (exclusive to iPhone 16e), addressing a baseband flaw that could allow attackers in privileged network positions to intercept traffic.

“None of the vulnerabilities fixed [this week] were known to have been actively exploited,” according to MacRumors.

Older iPads that don’t support iPadOS 18 also received a critical security patch via iPadOS 17.7.7, covering 29 vulnerabilities.

macOS 15.5: Enhancements & 46 Security Fixes

The new macOS Sequoia 15.5 delivers under-the-hood improvements and fixes, particularly:

  • Notification support for Screen Time passcode use on child devices.
  • 46 security vulnerabilities patched in the latest version.

Apple also issued backward-compatible security updates:

  • macOS Sonoma 14.7.6: 31 vulnerabilities fixed
  • macOS Ventura 13.7.6: 29 vulnerabilities addressed

watchOS 11.5: Small Feature, Big Security Fixes

The Apple Watch update brings a minor new feature—Buy with Apple Watch in third-party Apple TV apps—but makes a big security splash with 21 vulnerabilities resolved.

tvOS 18.5: Home Theater and Privacy Fixes

Updates for Apple TV included:

  • Fixes for syncing and wireless speaker issues
  • 22 vulnerabilities patched

visionOS 2.5: Virtual Reality, Real Security

Even Apple’s newest platform, the Vision Pro headset, received its due. visionOS 2.5 addressed 23 vulnerabilities, reinforcing the security framework for the high-end AR/VR system.

If you haven’t already updated your Apple devices, now’s the time. From zero-day defense to enhanced parental controls, Apple’s latest updates emphasize one thing above all: your security is still your responsibility—so patch up.

“I’ve had no issues with any of the OS updates,” notes the host, “nor have I heard of any issues, so—please—update your stuff.”

Filed under Security News, The Checklist Podcast by SecureMac

Latest Security News

Get the latest security news and deals