Oligo also notes that many of the vulnerable devices have microphones and could be turned into listening devices for espionage. The researchers did not go so far as to create proof-of-concept malware for any particular target that would demonstrate that trick. Oligo says it warned Apple about its AirBorne findings in the late fall and… Read More »
All three of the ChoiceJacking techniques defeat Android juice-jacking mitigations. One of them also works against those defenses in Apple devices. In all three, the charger acts as a USB host to trigger the confirmation prompt on the targeted phone. The attacks then exploit various weaknesses in the OS that allow the charger to autonomously… Read More »
Apple on Tuesday patched a critical zero-day vulnerability in virtually all iPhones and iPad models it supports and said it may have been exploited in “an extremely sophisticated attack against specific targeted individuals” using older versions of iOS. The vulnerability, tracked as CVE-2025-24201, resides in Webkit, the browser engine driving Safari and all other browsers… Read More »
Late last year, I published a long post that criticized the user unfriendliness of passkeys, the industry-wide alternative to logging in with passwords. A chief complaint was that passkey implementations tend to lock users into whatever platform they used to create the credential. An example: When using Chrome on an iPhone, passkeys were saved to… Read More »
“These enhanced features add to this malware family’s previously known capabilities, like targeting digital wallets, collecting data from the Notes app, and exfiltrating system information and files,” Microsoft wrote. XCSSET contains multiple modules for collecting and exfiltrating sensitive data from infected devices. Microsoft Defender for Endpoint on Mac now detects the new XCSSET variant, and… Read More »
Thomas Reed, staff product manager for Mac endpoint detection and response at security firm Huntress, and an expert in iOS security, said he found NowSecure’s findings concerning. “ATS being disabled is generally a bad idea,” he wrote in an online interview. “That essentially allows the app to communicate via insecure protocols, like HTTP. Apple does… Read More »
Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip… Read More »
The European Commission (EC) has opened an antitrust investigation into US-based glass-maker Corning, claiming that its Gorilla Glass has dominated the mobile phone screen market due to restrictive deals and licensing. Corning’s shatter-resistant alkali-aluminosilicate glass keeps its place atop the market, according to the EC’s announcement, because it both demands, and rewards with rebates, device… Read More »
Both operating systems will display a list of apps and whether they are permitted access always, never, only while the app is in use, or to prompt for permission each time. Both also allow users to choose whether the app sees precise locations down to a few feet or only a coarse-grained location. For most… Read More »
Benj Edwards / OpenAI / Microsoft reader comments 73 Microsoft has withdrawn from its non-voting observer role on OpenAI’s board, while Apple has opted not to take a similar position, reports Axios and Financial Times. The ChatGPT maker plans to update its business partners and investors through regular meetings instead of board representation. The development… Read More »