Patched iOS vulnerability would have let users seize control of iPhones over Wi-Fi

By

Airdrop ios iPad iPhone
Vulnerability relied on the tech that makes AirDrop work
Photo: Charlie Sorrel/Cult of Mac

A security vulnerability patched by Apple earlier this year could have allowed users to remote access an entire iPhone over Wi-Fi without the need for any user interaction, a security researcher has revealed.

Ian Beer, a researcher at Google’s vulnerability research unit Project Zero, shared details of the vulnerability Tuesday. He spent six months developing proof-of-concept exploits to prove its effectiveness. Fortunately, he doesn’t believe a similar exploit was ever utilized by hackers in the wild.

Apple offers up to $1.5 million to anyone who spots a software flaw

By

Apple offers up to $1.5 million to anyone who spots a software flaw
White hat hackers assemble!
Photo: United Artists

Spotted a vulnerability in Apple software, but not among Cupertino’s chosen developers tasked with seeking out bugs? No problem. As of today, Apple’s $1.5 million bug bounty program is available everyone who wants to participate. Previously, it was only open to a select few.

The bug bounty means people can earn up to 7-figures for finding weaknesses in Apple software. These could otherwise be exploited by nefarious hackers.

iOS 13.1.1 arrives with fixes for battery drain and keyboard security flaw

By

iOS 13 on an iPhone X
You should install the new update ASAP.
Photo: Ian Fuchs/Cult of Mac

Apple put out yet another iOS 13 update this morning to fix some major bugs, just over a week after the huge update for iPads and iPhones was released to the public.

iOS 13.1.1 and iPadOS 13.1.1 address a major security issue that allowed third-party keyboard apps to have network access. The flaw could have allowed keyboards to track what you type, including usernames and passwords, and send them to a remote server. Anyone that’s running iOS 13 of iOS 13.1 should update ASAP.

iOS 13 bug exposes all your saved passwords

By

holding iPhone with
There's a bug in the latest version of iOS 13's beta.
Photo: Ian Fuchs/Cult of Mac

Users have discovered a bug in the iOS 13 beta which makes it easy for people to access the “Website & App Passwords” data in Settings.

The security flaw makes it simple to bypass the biometric authentication section in Settings when accessing your iCloud Keychain passwords.

Signal for Mac messages set to disappear don’t always go away

By

macOS Notification Center is a security flaw for Signal for Mac
The Notification Center copies and stores messages from Signal for Mac, even if the text is set to disappear.
Screenshot: Patrick Wardle

One of the most appreciated features of Signal for Mac is that messages sent by this communication app can be set to automatically erase themselves. However, security researchers have found a flaw in the system.

The problem comes from the notifications macOS provides for incoming Signal messages.

Security firm offers $500,000 to anyone who can find iOS security flaws

By

Apple takes a hacksaw to estimated trade-in values for its devices
There's money in discovering iOS flaws, it seems!
Photo: Pictures of Money/Flickr CC

Tech security company Exodus Intelligence is offering $500,000 to anyone who can discover and share with them critical holes which exist in iOS 9.3 and above — as well as smaller (but still significant) sums to anyone finding bugs in Google Chrome, Microsoft Edge and Adobe Flash.

iMessage and WhatsApp security flaw means deleted chat logs aren’t really erased

By

Messages iOS 10
Your deleted chat logs could come back to haunt you.
Photo: Apple

WhatsApp and iMessage may be examples of end-to-end encryption in action, but there are still potential security flaws which can leave your data exposed.

As discovered by iOS researcher Jonathan Zdziarski, both messaging services have been found to not completely delete messages when erasing them — meaning that a person with physical access to your phone, or backups of data in the cloud, may be able to retrieve “deleted” conversations.