Flaw in Bluetooth Protocols Could Allow Tracking of iPhone, MacBook Users

Bluetooth is one of the most common wireless protocols in the world, allowing a vast range of devices to connect together for shared functionality. From playing music in your car to controlling the temperature of your flatiron, Bluetooth enables us to do many things — and as a result, Bluetooth protocols are standard on iPhones, in MacBooks, and in many other products, too. According to a new study published by researchers from Boston University, though, almost all those devices currently contain a Bluetooth flaw that can erase a user’s privacy.

Bluetooth’s …

Zoom security flaw puts you at risk (even after you uninstall)

Security researcher Jonathan Leitschuh has discovered a major vulnerability in the popular Zoom video conferencing app that could allow malicious actors to turn on your Mac’s camera without your permission.

Google Shares Details about a New macOS Vulnerability

On Friday, March 1, 2019, Google’s Project Zero announced that it had discovered a “high severity” vulnerability in Apple’s macOS operating system. The Project Zero team constantly works to find vulnerabilities in software and code from other companies and developers. When Project Zero does identify a weakness, it notifies the coder or developer behind the software. The developer then has a 90-day window to fix the issue before Project Zero announces the vulnerability to the world. In other words, Apple has known about this issue for a while and has …

Breach of Spyware Company mSpy Exposes iCloud Account Information for Millions

Apple users should consider changing their iCloud passwords after a recent breach reportedly exposed the account information of millions of people. The breach involved a company called mSpy, a spyware-as-a-service business. mSpy sells mobile and computer software that allows users to spy on their friends or family members. The software is also marketed to allow parents to see what their children are doing on their devices. However, this type of software is technically illegal and mSpy has a shady reputation.

At the end of August, security researchers Brian Krebs …

Major macOS Mail App Harbors Major Vulnerabilities

How do you manage your email? For those who receive a high volume of messages every day and depend on their email for work purposes, answering this question is essential. Most stock mail clients don’t always offer the capabilities you need from them; for that reason, many people choose to use third-party email management programs. macOS users are no exception. However, it is important to be aware that this software, like any other, can put your data at risk if the developers fail to take appropriate security measures. That appears …

Versatile Hacking Tool Ported to the Mac Could Pose Risks to Users

Security researchers use many tools to conduct their work; in many cases, the best way to test a system is to try to break in, because it allows one to identify all the weaknesses and potential inroads a real hacker might exploit. These tools aren’t secret, though, and often they are used for legitimate purposes just as often as illegitimate ones. One such tool, known as the Metasploit Framework, allows researchers to probe networks and systems for many kinds of security holes using a variety of tools. Of course, …

Apple Confirms Fixes for Major CPU Vulnerability, More on the Way

Apple has confirmed that a pair of critical security vulnerabilities uncovered by security researchers late in 2017, and now filtering out into media reports, does affect “all Mac systems and iOS devices.” These bugs, dubbed Meltdown and Spectre, affect the clear majority of computers and a vast number of mobile devices, regardless of make, model, or manufacturer. Though tricky to exploit, these bugs could allow an attacker untraceable access to a wide variety of user data.

By exploiting a weakness in an advanced function within the processor, Meltdown allows …

Apple Reassures Users: Flaws in WikiLeaks/CIA Vault7 Leak Already Patched

On March 7th, WikiLeaks entered the news and made waves again by releasing almost nine thousand documents they claimed came from within the US Central Intelligence Agency. Contained in the leak was a vast range of information about the CIA’s intelligence gathering practices regarding technology. The revelations included information that the agency had undertaken spying efforts through exploiting vulnerabilities in various technologies, including some “smart” TVs and mobile operating systems. Also, contained within the documents, however, were fourteen previously undisclosed flaws in iOS. Through these flaws, an attacker could …

Newly-Discovered “Fruitfly” Backdoor Allows Remote Access to Macs

The latest item of Mac malware to be uncovered is actually not new at all; in fact, it may have been around for several years. Dubbed “Fruitfly” by Apple, this malware has some novel features. In particular, its function depends upon using both an outdated library from the late 90s, libjpeg, as well as pre-OS X system calls. Why the malware was designed to use outdated methods is unknown, but in the wake of the malware’s discovery, Apple promptly issued an update to XProtect to reduce the threat to users. …

Malvertising Hits macOS Users Through Google AdWords

With the huge number of ads present on the web today, it’s no surprise that they’re often a target and an attack vector for hackers looking for an open door. We’ve discussed malvertising here before to alert our readers to the potential threat. Now there comes word from security researchers that malvertisers executed a campaign specifically targeting macOS users early in November. This time the target was users who were hoping to install Google Chrome.

When searching for the keywords “Google Chrome,” a malicious ad purchased by the …

Apple Releases Important iOS Update to guard against Malware

iPhone and iPad users should update to the latest version of iOS as soon as possible, following the latest security update from Apple. The new patch—iOS 9.3.5—arrived on Thursday, August 25th and was dubbed by Apple as an “important security update.” It addresses dangerous malware that was recently developed in the Middle East.

Writing for ZDNet, Zack Whittaker noted that iOS 9.3.5 is a patch for three different malware vulnerabilities, not just one. Working together, security researchers Citizen Lab and Lookout discovered the vulnerabilities and notified Apple about their existence. Lookout …

Meet AceDeceiver: The First iOS Trojan Horse

Users of iOS devices should be on alert after the arrival of what looks like the first Trojan Horse malware developed for Apple’s mobile operating system. According to a post by Palo Alto Networks, this malware—which is known as AceDeceiver—is unique among other iOS threats in that it doesn’t use counterfeit enterprise certificates to gain access to your device. AceDeceiver doesn’t use an enterprise certificate at all. Rather, it manipulates a major vulnerability in Apple’s DRM (digital rights management) and uses it to install malicious apps on your phone …