Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. π¦πΊ Apple is testing an enhancement to its child protection features in Australia β when Apple’s existing opt-in nudity detection AI feature flags an image as potentially problematic, a new option appears to allow […]
Continue readingTag: zero-day
Security Bits β 2024 May 26
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Attackers are continuing to compromise Google ads, and they’re now targeting apps in the news as well as developer & sysadmin tools: Arc browserβs Windows launch targeted by Google ads malvertising β www.bleepingcomputer.com/β¦ Ransomware […]
Continue readingSecurity Bits β 3 January 2024 (Bart & Jill from the North Woods)
Deep Dive β Operation Triangulation TL;DR β Kaspersky labs have discovered that they, and Russian government officials, were targeted by very advanced iOS malware that completely took over iOS devices for the last 4 years. Apple have patched all the exploited vulnerabilities, regular users were not targeted, and Kaspersky say there is not enough evidence […]
Continue readingSecurity Bits β 23 December 2022 🎄
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 Apple have released their opt-in new Advanced Data Protection for iCloud , but only in the US for now β appleinsider.com/β¦ At least initially, enabling ADP could complicate the setup of new devices […]
Continue readingSecurity Bits β 2 October 2022
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇦 🇷🇺 To comply with international sanctions on Russia over its invasion and annexation of Ukraine, Apple have removed a major Russian app from VK from all app stores β appleinsider.com/β¦ Deep Dive β […]
Continue readingSecurity Bits β 11 July 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. The Western Digital story from last time has continued to evolve: More devices are affected: Another 0-Day Looms for Many Western Digital Users β Krebs on Security β krebsonsecurity.com/β¦ But there have also been […]
Continue readingSecurity Bits β 19 April 2020
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Correction: β the microphone cut-off switch in the new iPad Pros is not a physical disconnect, but it is completely independent of iOS and can’t be affected by malware because it’s in the T2 […]
Continue readingSecurity Bits β 8 September 2019
Followup Apple draws a line under the ‘Siri Grading’ kerfuffle with a a public letter apologising for not reaching their own high standards, explaining how Siri protects user privacy, and outline some changes to how grading will be carried out in future β www.apple.com/β¦ Apple send as little as possible data to Siri, using on-device […]
Continue readingSecurity Bits – Zero-Day on macOS, Facebook Rates User Trustworthiness, Facebook’s VPN Was Tracking Users, Excessive Google Tracking, Teenager Hacks Apple
Followups More speculation-based flaws in Intel Chips (Editorial by Bart: as with other recent Spectre/Meltdown variants, there’s no need for home users to panic, just keep your OSes patched. It’s cloud providers that really need to worry about these flaws.) L1 Terminal Fault AKA L1TF β Intel have released mitigations, and they don’t have significant […]
Continue readingSecurity Bits – Canvas Fingerprinting, KRACK Updates, TOR Browser Bug, New Zero-Day WiFi Bug, Brother Printer Exploit
Security Medium 1 β Canvas Fingerprinting Before we look at canvas finger printing, I just want to set the scene with a reminder of one of the most fundamental truths about how the web was designed β each web page load is an independent event. Because that meant websites had no memory of anything that […]
Continue reading