Information Security News | Cyber Security | Hacking Tutorial
https://www.securitynewspaper.com/
Information Security Newspaper | Infosec Articles | Hacking News
Mon, 24 Jul 2023 22:42:16 +0000

Two serious zero-day vulnerabilities allow hacking iPhone, iPad and Mac
https://www.securitynewspaper.com/2023/07/24/two-serious-zero-day-vulnerabilities-allow-hacking-iphone-ipad-and-mac/ Mon, 24 Jul 2023 22:42:14 +0000

Recent news reports have brought attention to two serious zero-day vulnerabilities that pose a risk to the security of Apple products sold in every region of the world. Both vulnerabilities, assigned the identifiers CVE-2023-37450 and CVE-2023-38606, were found in Apple’s WebKit browser engine and in the kernel component of several platforms. Both have been actively exploited, which makes prompt attention to these security flaws imperative.

The WebKit vulnerability is tracked as CVE-2023-37450. If exploited, it could allow malicious actors to execute arbitrary code on susceptible devices, giving them control of those devices. The attack begins when a victim unknowingly visits a malicious website while using a device that has already been infected. The list of affected devices includes the iPhone 8 and later, all iPad Pro models, the iPad Air (3rd generation and later), the iPad (5th generation and later), and the iPad mini (5th generation and later). macOS Ventura is also affected. The issue was discovered and reported by a researcher who wishes to remain anonymous.

In direct response to this vulnerability, Apple has strengthened its defenses by adding further checks in iOS 16.6, iPadOS 16.6, and macOS Ventura 13.5. Even so, the company continues to exercise caution, acknowledging in the security advisories that describe the vulnerability that there is evidence it may have been actively exploited. “Apple is aware of a report that this issue may have been actively exploited,” the company said.

A Kernel Zero-Day Bug with the Identifier CVE-2023-38606

Experts from Kaspersky discovered the second vulnerability, which was given the identifier CVE-2023-38606. If this kernel issue were exploited, it would allow attackers to “modify sensitive kernel state” on iPhones and Macs, which would give them the ability to possibly take control of these devices. The technology giant disclosed this information in security advisories explaining the vulnerability. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1,” the firm said.

The flaw affects a broad range of Apple products, including the macOS Big Sur, Monterey, and Ventura operating systems, as well as all iPhone models from the iPhone 6s onward. All versions of the iPad Pro, the iPad Air from the 3rd generation, the iPad from the 5th generation, the iPad mini from the 5th generation, and the iPod touch from the 7th generation are all susceptible.

Apple has strengthened its state management in response to this vulnerability, which the company discovered very quickly. On the other hand, the tech giant has issued a warning that versions of iOS that were launched prior to iOS 15.7.1 may have been vulnerable to this bug.

In order for users to defend themselves against these attacks, it is strongly recommended that they upgrade their devices to the most recent versions of iOS, iPadOS, and macOS as quickly as they can.

“What happens on your iPhone, never stays on your iPhone”. New privacy lawsuit against Apple for monitoring iPhone users
https://www.securitynewspaper.com/2023/01/10/what-happens-on-your-iphone-never-stays-on-your-iphone-new-privacy-lawsuit-against-apple-for-monitoring-iphone-users/ Wed, 11 Jan 2023 00:17:19 +0000

A new complaint has been filed against Apple, accusing the corporation of monitoring iPhone users’ device data even when those users have requested that tracking be turned off. The lawsuit argues that Apple “illegally captures and utilizes customers’ personal information and activities.” In addition, the case alleges that the iPhone giant violated the plaintiff’s right to privacy.

In addition, the lawsuit asserts that Apple is able to monitor user behavior across all of its applications by virtue of the fact that the data analytics it gathers have user ID numbers in common. In addition to this, it describes a scenario in which the personal information of a user is disclosed, stating that the Apple Stocks app, for instance, “discloses confidential information about a user’s investing activities or preferences to other users of the service. It communicates with Apple about the stocks that the user is seeing or following. Apple even keeps a record of the timestamps for when a user is seeing certain stocks or interacting with the Stocks app on their device.” The case continues with the following statement: “Furthermore, Apple gathers the news items that consumers read inside their mobile device.”

The allegations in the lawsuit refer to work that was completed by two separate app developers at the software business Mysk. Mysk was co-founded in November of last year by Germany-based iOS developer and “occasional security researcher” Tommy Mysk. The test allegedly “revealed that even when consumers actively change their ‘privacy settings’ and take Apple’s instructions to protect their privacy, Apple still records, tracks, collects, and monetizes consumers’ analytics data, including browsing history and activity information,” as stated in the lawsuit filed by the two individuals.

In a tweet sent out late yesterday night, the developers of the collaborative sketching software Canvas said, “Here we go, Apple is facing another lawsuit for gathering detailed statistics on the App Store, the only location to download and install programs on the iPhone.”

Critical zero day vulnerability in iOS and macOS affecting iPhone, iPad, iPod and Macs. Update immediately
https://www.securitynewspaper.com/2022/09/13/critical-zero-day-vulnerability-in-ios-and-macos-affecting-iphone-ipad-ipod-and-macs-update-immediately/ Tue, 13 Sep 2022 17:13:52 +0000

On Monday, Apple released emergency updates for a zero-day vulnerability in its macOS and iOS operating systems that has already been exploited.

In a security advisory alerting users to code execution vulnerabilities in fully patched iPhone, iPad, and macOS devices, Apple verified the vulnerability’s exploitation.

The following devices are affected:

  • iPhone 6s and later, all versions of the iPad Pro, iPad mini 4 and later, iPad Air 2 and later, iPad 5th generation and later, and the 7th-generation iPod touch
  • Macs using macOS Monterey 12.6 and Big Sur 11.7

An adversary might take advantage of the CVE-2022-32917 vulnerability to execute a malicious script with kernel privileges by utilizing a specially created application.

Apple also patches a number of other bugs in these security upgrades, but the following are the most critical ones:

  • CVE-2022-32886: A buffer overflow was fixed through better memory management.
  • CVE-2022-32868: A logic flaw was resolved through improved state management.
  • CVE-2022-32912: An out-of-bounds read was mitigated through improved bounds checking.

Apple also stated that it advises customers who are impacted by the vulnerability but have not yet upgraded to do so as soon as feasible.

A maliciously constructed application might take advantage of the weakness (tagged as CVE-2022-32917) to run arbitrary code with kernel privileges. An unnamed researcher discovered this issue. Apple stated, “Apple is aware of this vulnerability that may have been actively exploited.”

Bluetooth signals on smartphones allow tracking any user’s location by exploiting BLE
https://www.securitynewspaper.com/2022/06/10/bluetooth-signals-on-smartphones-allow-tracking-any-users-location-by-exploiting-ble/ Fri, 10 Jun 2022 16:31:34 +0000

A group of researchers has shown that Bluetooth signals emitted by electronic devices can be individually identified and tracked. Experts at the University of California say that only a suitable tracking tool is required to carry out this tracking.

Although the attack sounds simple, the researchers note that a threat actor would have to overcome multiple obstacles to replicate this scenario on a commonly used device: “By their nature, Bluetooth Low Energy (BLE) wireless tracking beacons could pose a significant risk to users’ privacy. For example, an adversary could track a device by placing BLE receivers near public places and then record the presence of the user’s beacons.”

Examples of this are the BLE beacons that Microsoft and Apple added to their operating systems for functions such as tracking lost devices, connecting smartphones to wireless devices such as headphones or wireless speakers, and allowing users to switch devices easily.

The devices transmit signals at a speed close to 500 beacon signals per minute. To address security and privacy issues, many BLE proximity apps use measures such as cryptographically anonymizing and periodically rotating the identity of a mobile device on their beacons. They will routinely re-encrypt the device’s MAC address, while apps rotate identifiers so receivers can’t link beacons from the same device.

An attacker could evade these protections by capturing the device’s signals at a lower layer. Previous studies have shown that wireless transmitters have small imperfections, accidentally introduced during manufacturing, that are unique to each device.

Experts found that similar imperfections in Bluetooth transmitters create distortions that can be used to create a unique fingerprint. These fingerprints can be used to track devices and therefore unsuspecting users.

As mentioned above, this is not a straightforward process. To begin with, threat actors would need to isolate the target in order to capture its wireless transmissions and find the unique physical-layer features of its Bluetooth transmitter; subsequently, they would need a receiver in a place where the device might be, passively detecting the target’s Bluetooth transmissions.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

LockBit ransomware encrypts computers at Foxconn Mexico factory, one of Apple’s largest suppliers
https://www.securitynewspaper.com/2022/06/01/lockbit-ransomware-encrypts-computers-at-foxconn-mexico-factory-one-of-apples-largest-suppliers/ Wed, 01 Jun 2022 16:20:23 +0000

A cybercriminal group claims to have compromised the computer systems of Foxconn, a major firm dedicated to the manufacture of medical devices and consumer electronics, a partner of technology giants such as Apple. Specifically, hackers attacked the systems of Foxconn Mexico, located in the border city of Tijuana, Baja California.

The attack would have been carried out by a group operating the LockBit 2.0 ransomware variant, and the perpetrators threaten to divulge sensitive information if the affected organization refuses to pay a ransom by June 11. It has not been confirmed whether the attack had any considerable impact on Foxconn Mexico’s routine operations, nor is the amount of the ransom demanded known.

The company has already received requests for information about the attack, although it has not commented on it.

Foxconn has already been the target of ransomware attacks before. In late 2020, the firm confirmed that one of its U.S. facilities had been attacked by the operators of the DoppelPaymer ransomware, who even leaked sensitive information on the dark web.

In that incident, the hackers also claimed to have attacked the facilities of Foxconn Mexico, in addition to demanding a ransom of more than $30 million in Bitcoin. Despite these claims, the company always maintained that only its systems in the U.S. had been affected.

Recently, LockBit 2.0 also claimed responsibility for an attack on tire and rubber giant Bridgestone Americas, stealing sensitive information and exposing it on illegal hacking forums. At the beginning of 2021, the Federal Bureau of Investigation (FBI) published a document with the main indicators of compromise of this ransomware variant, mentioning that attackers usually breach the affected networks by buying access on the dark web or exploiting zero-day vulnerabilities.

Researchers find new way to hack any iPhone even when it’s turned off
https://www.securitynewspaper.com/2022/05/17/researchers-find-new-way-to-hack-any-iphone-even-when-its-turned-off/ Tue, 17 May 2022 18:33:58 +0000

Cybersecurity experts published research detailing how the Bluetooth, Near Field Communication (NFC) and Ultra-wideband (UWB) wireless features on iPhone devices would allow certain cyberattacks to be carried out, as these features remain active even when the affected devices are turned off.

These features have access to Secure Element, which stores sensitive device information and remains active on the latest iPhone models even with the phone turned off. According to specialists at the Technical University of Darmstadt, Germany, this would allow malware to be loaded onto a Bluetooth chip running on an inactive device.

The compromise of these features would allow threat actors to access protected information, including payment card details, banking information and other sensitive data. While this risk is considered real and active, the researchers acknowledge that exploiting these flaws is complex, as hackers would need to load malware onto the target iPhone while it is turned on, which necessarily requires a remote code execution (RCE) capability.

According to the report, the bug exists because of the way Low Power Mode (LPM) is implemented on Apple’s wireless chips: “The LPM setting is triggered when the user turns off their phone or when the iOS system automatically shuts down due to lack of battery.”

Experts believe that, in addition to its obvious advantages, the current implementation of LPM created new attack vectors. LPM support is based on iPhone hardware, so bugs like this can’t be fixed with software updates.

One attack scenario, tested by the researchers, describes how the smartphone’s firmware would allow attackers to have system-level access for remote code execution using a known Bluetooth vulnerability, such as the popular Braktooth flaw. The research was shared with Apple before its publication. Although the company did not comment on it, experts proposed that Apple add a hardware-based switch to disconnect the battery, preventing functions related to the error from receiving power with the device turned off.

Two out of three Android smartphones sold in 2021 could easily be hacked through an audio file to exploit vulnerabilities in Qualcomm and MediaTek chipsets
https://www.securitynewspaper.com/2022/04/21/two-out-of-three-android-smartphones-sold-in-2021-could-easily-be-hacked-through-an-audio-file-to-exploit-vulnerabilities-in-qualcomm-and-mediatek-chipsets/ Thu, 21 Apr 2022 21:03:27 +0000

A security report from Check Point notes that three vulnerabilities in audio decoders on Qualcomm and MediaTek chips would allow threat actors to remotely access audio conversations on millions of mobile devices. In addition, in critical cases the exploitation would allow remote code execution (RCE) attacks to be carried out through a specially designed audio file.

In their report, the researchers note that remote code execution and information theft aren’t the only risks, as a malicious hacker could use an unprivileged Android app to perform a privilege-escalation attack and gain access to user data.

Apparently, these flaws exist due to an open-source audio encoding format developed by Apple in 2011. Known as Apple Lossless Audio Codec (ALAC) or Apple Lossless, this is an audio codec format used for digital music data compression. Since its launch, multiple third-party vendors such as Qualcomm and MediaTek have incorporated it into their own audio decoders.

Although Apple fixed its proprietary version of ALAC, the open-source variant of the codec has not received any maintenance since its publication on GitHub, which occurred in October 2011. The flaws reported by Check Point reside in this free-to-use version, used by Qualcomm and MediaTek processors. Below is a list of the reported flaws:

  • CVE-2021-0674: Improper input validation in the ALAC decoder, leading to information disclosure without user interaction on MediaTek chipsets
  • CVE-2021-0675: Local privilege escalation in the ALAC decoder resulting from an out-of-bounds write on MediaTek chipsets
  • CVE-2021-30351: Out-of-bounds memory access due to improper validation of the number of frames passed during music playback on Qualcomm chipsets

In a proof-of-concept (PoC) exploit, successful exploitation allowed the phone’s camera stream to be captured, says Check Point researcher Slava Makkaveev, who is credited with discovering these vulnerabilities.

The affected chipset manufacturers addressed these vulnerabilities in December 2021. In his announcement, Makkaveev insists: “The threat actors could have sent one (or any multimedia file) and, when played, could have injected a code into the privileged media service. The hackers could have seen what the affected phone user sees on their device.”
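The Qualcomm item above (CVE-2021-30351) describes a bug class rather than a specific line of code: a frame count read from the untrusted file is used to size memory accesses before it has been checked. The C snippet below is an added illustration of that class and of the corresponding check; it is not the ALAC project's code, Qualcomm's decoder, or Check Point's PoC, and the packet layout, the stereo channel count, the 64-frame output capacity and the sample packets are all assumptions constructed for the example.

```c
/* Added example, not code from the ALAC project or the vendors named above.
   A toy decoder that copies interleaved samples from a packet into a
   fixed-size output buffer. The declared frame count comes from the
   packet header, which a crafted audio file fully controls. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define CHANNELS   2     /* assumption: stereo stream */
#define MAX_FRAMES 64    /* assumption: decoder's fixed output capacity, in frames */

typedef struct {
    uint32_t       header_frames;    /* untrusted: frame count declared in the header */
    const int16_t *payload;          /* interleaved samples that actually arrived */
    size_t         payload_samples;  /* how many samples the payload really holds */
} alac_packet;

/* Vulnerable shape: every loop bound is derived from header_frames alone.
   If header_frames > MAX_FRAMES the write runs past out[]; if
   header_frames * CHANNELS > payload_samples the read runs past payload[].
   Kept only to show the defect; never call it on untrusted input. */
size_t decode_unchecked(const alac_packet *pkt, int16_t out[MAX_FRAMES * CHANNELS])
{
    size_t n = (size_t)pkt->header_frames * CHANNELS;
    for (size_t i = 0; i < n; i++)
        out[i] = pkt->payload[i];
    return pkt->header_frames;
}

/* Hardened shape: validate the declared count against both the output
   capacity and the data actually received before touching memory. */
bool frame_count_ok(const alac_packet *pkt)
{
    if (pkt->header_frames == 0 || pkt->header_frames > MAX_FRAMES)
        return false;
    /* header_frames <= MAX_FRAMES here, so this product cannot overflow */
    if ((size_t)pkt->header_frames * CHANNELS > pkt->payload_samples)
        return false;
    return true;
}

/* Returns the number of frames decoded, or 0 when the packet is rejected. */
size_t decode_checked(const alac_packet *pkt, int16_t out[MAX_FRAMES * CHANNELS])
{
    if (!frame_count_ok(pkt))
        return 0;
    size_t n = (size_t)pkt->header_frames * CHANNELS;
    memcpy(out, pkt->payload, n * sizeof(int16_t));
    return pkt->header_frames;
}

/* Constructed sample input: a well-formed 4-frame packet, a packet whose
   header claims more frames than the payload holds, and one whose header
   claims far more frames than the output buffer could ever hold. */
static const int16_t     good_samples[8] = {1, -1, 2, -2, 3, -3, 4, -4};
static const alac_packet good_packet    = {4,      good_samples, 8};
static const alac_packet short_packet   = {8,      good_samples, 8};
static const alac_packet crafted_packet = {100000, good_samples, 8};

static int16_t scratch[MAX_FRAMES * CHANNELS];

int main(void)
{
    printf("good packet:    %zu frames decoded\n", decode_checked(&good_packet, scratch));
    printf("short packet:   %zu frames decoded (rejected)\n", decode_checked(&short_packet, scratch));
    printf("crafted packet: %zu frames decoded (rejected)\n", decode_checked(&crafted_packet, scratch));
    /* decode_unchecked(&crafted_packet, scratch) would read and write out of bounds */
    return 0;
}
```

The two checks in `frame_count_ok` correspond to the two ways the declared count can lie: against the decoder's own buffer (out-of-bounds write) and against the bytes that actually arrived (out-of-bounds read). Ordering the capacity check first is what makes the later multiplication safe, since a 32-bit count multiplied by the channel count could otherwise wrap on a narrow `size_t`.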

How someone can easily steal NFT using your iCloud backup
https://www.securitynewspaper.com/2022/04/19/how-someone-can-easily-steal-nft-using-your-icloud-backup/ Tue, 19 Apr 2022 16:34:34 +0000

The developers of the popular cryptocurrency software MetaMask asked Apple users to disable the automatic backup feature in iCloud after Domenic Lacovone, a collector of non-fungible tokens (NFT), reported the theft of their virtual assets.

The affected user, identified on Twitter as @revive_dom, reported that his digital wallet, holding assets worth about $650,000 USD, was wiped out. Lacovone says he received what appeared to be a call from Apple, so at no point did he suspect he was the victim of a wire fraud scheme.

The alleged Apple employee who contacted him asked for a code sent to his phone; after the user handed over the code, his e-wallet on MetaMask was completely emptied in a matter of a few seconds. The user was quick to report the incident to OpenSea, the world’s largest NFT selling platform, so all the stolen tokens have already been identified as suspicious.

As mentioned above, MetaMask issued a warning to Apple users after detecting an increase in phishing scams to steal digital assets in the same way that happened with Lacovone. Users of this cryptocurrency wallet who activate the backup feature could have sensitive information stored online, which represents a risky practice.

In a series of tweets, MetaMask noted that Apple users could risk losing funds if their Apple password isn’t secure enough, as threat actors could obtain these keys relatively easily.

MetaMask adds that the issue affects iPhone, iPad, and Mac users, and exists because the device’s default settings expose the user’s seed phrase, which is kept in a password-protected MetaMask vault that is stored in iCloud.

Given this, users were advised to disable automatic iCloud backups to mitigate the risk of exploitation. The digital wallet provider also gave detailed instructions on how to stay secure, although this has not been enough explanation for Lacovone, who will remain annoyed until he recovers his collection: “If 90% of people knew this, I would bet that none of them would have the MetaMask or iCloud application activated.”

Two unpatched zero-day vulnerabilities in Apple macOS Big Sur and macOS Catalina
https://www.securitynewspaper.com/2022/04/06/two-unpatched-zero-day-vulnerabilities-in-apple-macos-big-sur-and-macos-catalina/ Wed, 06 Apr 2022 21:24:02 +0000

A few days ago, Apple announced the fix of two actively exploited vulnerabilities in macOS Monterey, although users of older versions of the operating system will not receive updates. The flaws were tracked as CVE-2022-22675 and CVE-2022-22674, and reside in macOS Big Sur and macOS Catalina implementations, respectively.

macOS Monterey was released in October 2021 and is the latest version of the operating system. Apple did not respond to requests to explain why it has opted to leave older macOS installations without updates to mitigate these security risks.

Unlike Microsoft and its Windows Lifecycle Policy, Apple details hardware deprecation dates, but offers no written commitment to cover the different iterations of the macOS system. Support for macOS Catalina is expected to conclude later this year, while Big Sur could reach the end of its lifespan in November 2023. Estimates indicate that between 35% and 40% of currently used Mac devices could be exposed to these flaws.

Regarding flaws, CVE-2022-22675 is described as an out-of-bounds write error whose exploitation would allow threat actors to execute arbitrary code with kernel privileges. On the other hand, CVE-2022-22674 is a flaw in Intel Graphics in Big Sur (and potentially in Catalina) that would allow access to kernel memory.

Joshua Long of security firm Intego believes the flaw will almost certainly affect both versions of the operating system: “We are confident that CVE-2022-22674 will likely affect both macOS Big Sur and macOS Catalina, as almost all of the vulnerabilities in the Intel Graphics Driver component recently detected impact all versions of macOS.”

The researcher added that there are dozens of other vulnerabilities in Big Sur and Catalina that are not being actively exploited, but their presence represents a potential risk: “Apple has an unfortunate history of leaving macOS deployments unprotected against some actively exploited attacks, in what some know as a perpetual zero-day vulnerability scenario.”

New method to install malware variants on iPhone devices
https://www.securitynewspaper.com/2022/03/17/new-method-to-install-malware-variants-on-iphone-devices/ Fri, 18 Mar 2022 00:16:27 +0000

A hacking group is abusing two legitimate Apple features to bypass the App Store security requirements and trick iPhone users into installing malicious apps hiding dangerous malware variants.

For years, Apple has required apps to pass a security review before they can be listed in the App Store and installed on end-user devices. This process prevents malicious apps, which could trigger risk scenarios, from reaching devices.

Sophos researchers detailed the detection of two methods employed in this campaign, identified as CryptoRom and based in cryptocurrency fraud targeting iOS and Android users. Unlike the Android system, iOS does not allow the installation of applications from third-party platforms.

The campaign depends on the abuse of TestFlight, an Apple service for beta testing of new apps. By installing TestFlight from the App Store, any iOS user can download and test apps that have not yet completed Apple’s strict verification processes, which threat actors tried to use to their advantage to compromise the devices of unsuspecting users.

Sophos mentions that hackers contacted TestFlight users to convince them to install what appeared to be a new version of BTCBOX, a cryptocurrency exchange app. These users received a link that redirected to the fraudulent APK.

For the researchers, this attack vector allows for better evasion of App Store security measures, such as the Super Signature feature. This feature allows you to use an Apple developer account for limited delivery of some apps. The attack also abuses Developer Enterprise, a program for large enterprises to deploy applications for internal use.

CryptoRom operators also exploit the Web Clips feature, which allows you to add a link directly to an iPhone’s home screen in the form of an icon that can be mistaken for a benign app; this item appears after a user has saved or copied a link. Sophos mentions that threat actors abuse Web Clips to add legitimacy to malicious URLs that redirect to fraudulent app downloads.

In the example below, hackers use a malicious app called RobinHand, intentionally designed similarly to the Robinhood investment platform.

This campaign relies heavily on social engineering, with threat actors resorting to all sorts of tricks to build a trusting relationship with the target user. For example, hackers use social media, dating apps and WhatsApp messages to try to convince affected users to install TestFlight and the malicious app on their iPhone devices.

This is an active risk, so iPhone users are advised to stay alert to any signs of attack before it is too late.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post New method to install malware variants on iPhone devices appeared first on Information Security Newspaper | Hacking News.

]]>
AirGuard: Free Android app allows users to detect if they are being spied on using an Apple AirTag https://www.securitynewspaper.com/2022/02/28/airguard-free-android-app-allows-users-to-detect-if-they-are-being-spied-on-using-an-apple-airtag/ Mon, 28 Feb 2022 18:07:33 +0000 https://www.securitynewspaper.com/?p=24928

The post AirGuard: Free Android app allows users to detect if they are being spied on using an Apple AirTag appeared first on Information Security Newspaper | Hacking News.

]]>
Cybersecurity specialists published a report describing how AirGuard, an application for Android, lets users of that operating system detect an Apple AirTag device that may be being used for malicious purposes.

Launched in April 2021, this device allows iPhone users to track their belongings through the Find My service. However, it has been reported on multiple occasions that malicious users can use AirTags to track a person without permission, stealthily hiding them in a backpack, clothing or any other similar place.

Despite Apple’s efforts to counter malicious use of these devices, this remains a severe problem, especially when the tracked person has no tool to detect an Apple device based on the abusive behavior patterns the company has defined.

In 2021 Apple launched the Tracker Detect app for Android users, which informs users that there is an AirTag enabled nearby. However, the app only informs users whether they are being tracked, so it is not really a reliable tool.

The researchers decided to reverse engineer iOS tracking detection to better understand its inner workings, and then designed the AirGuard app, which automatically detects any passive tracking activity and works with all Find My accessories, not only the AirTag.

The app was launched at the end of 2021 through the official Google Play Store and already has about 120,000 users. With this tool it is possible to detect all the devices of the Find My family, including AirTags modified for tracking and espionage purposes.

The app can also detect an AirTag placed in a car, which can prove difficult even for Apple’s own tools. Finally, the researchers acknowledge that the main weakness found during their testing is the limited scanning opportunities on the Android operating system, which could limit the scope of the search.



]]>
Researcher publishes way to bypass Apple AirTag anti-spying protection https://www.securitynewspaper.com/2022/02/22/researcher-publishes-way-to-bypass-apple-airtag-anti-spying-protection/ Wed, 23 Feb 2022 00:38:31 +0000 https://www.securitynewspaper.com/?p=24903

The post Researcher publishes way to bypass Apple AirTag anti-spying protection appeared first on Information Security Newspaper | Hacking News.

]]>
Cybersecurity specialists developed an Apple AirTag clone to demonstrate that the tracking protection features of the Find My network can be easily bypassed. The AirTag has been the subject of numerous reports related to tracking and personal security, since it can be used for malicious purposes such as espionage.

Infosec researcher Fabian Braunlein of Positive Security has been sharing his ideas on fairly obvious evasion methods for months, noting that all of them can be put into practice in real scenarios.

For the development of the clone, the expert relied on OpenHaystack, a framework for tracking Bluetooth devices using the Find My network. Using an ESP32 microcontroller with Bluetooth support, a power bank and a cable, a clone of the AirTag device was created.

This device runs custom ESP32 firmware that constantly rotates the public keys, broadcasting one at a time and repeating the list approximately every 17 hours. However, it is believed that a common seed and bypass algorithm, shared by the clone and a Mac application used to track it, could create a key stream that virtually never repeats.

Employing an irreversible bypass function and overwriting the seed with the result of the next round would make it impossible for law enforcement or Apple to obtain the previously transmitted AirTag public keys, even with physical access to the device. During the experiment, the Android Tracker Detect app did not show the cloned AirTag at all, although it was possible to track the cloned device using other tools.

The specialist considers that the main risk does not stem from the AirTag itself, but from the introduction of the Find My ecosystem, which uses customers’ devices to provide this Apple service. Since the current iteration of the Find My network cannot be limited to AirTags and hardware officially permitted to use the network, the expert believes Apple should rethink the security of these features.



]]>