Friday, 3 April 2020

Apple Paid Hacker $75,000 for Uncovering Zero-Day Camera Exploits in Safari

Apple paid out $75,000 to a hacker for identifying multiple zero-day vulnerabilities in its software, some of which could be used to hijack the camera on a MacBook or an iPhone, according to Forbes.


A zero-day vulnerability refers to a security hole in software that is unknown to the software developer and the public, although it may already be known by attackers who are quietly exploiting it.

Security researcher Ryan Pickren reportedly discovered the vulnerabilities in Safari after he decided to "hammer the browser with obscure corner cases" until it started showing weird behavior.

The bug hunter found seven exploits in all. The vulnerabilities involved the way that Safari parsed Uniform Resource Identifiers, managed web origins and initialized secure contexts, and three of them allowed him to get access to the camera by tricking the user into visiting a malicious website.

"A bug like this shows why users should never feel totally confident that their camera is secure," Pickren said, "regardless of operating system or manufacturer."

Pickren reported his research through Apple's Bug Bounty Program in December 2019. Apple validated all seven bugs immediately and shipped a fix for the camera kill chain a few weeks later. The camera exploit was patched in Safari 13.0.5, released January 28. The remaining zero-day vulnerabilities, which Apple judged to be less severe, were patched in Safari 13.1, released on March 24.

Apple opened its bug bounty program to all security researchers in December 2019. Prior to that, Apple's bug bounty program was invitation-based and non-iOS devices were not included. Apple also increased the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw.

When submitting reports, researchers must include a detailed description of the issue, an explanation of the state of the system when the exploit works, and enough information for Apple to reliably reproduce the issue.

This year, Apple plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, or special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.

These iPhones are being provided as part of Apple's forthcoming iOS Security Research Device Program, which aims to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.
This article, "Apple Paid Hacker $75,000 for Uncovering Zero-Day Camera Exploits in Safari" first appeared on MacRumors.com




from MacRumors: Mac News and Rumors - All Stories https://ift.tt/34ilEqd

Apple Online Store Lists Screen Protector and AppleCare+ For Upcoming 'iPhone SE'



Apple's Online Store has been updated with a screen protector and AppleCare+ for the rumored new 'iPhone SE'.

The Belkin InvisiGlass Ultra Screen Protector has been modified to indicate compatibility with the 'iPhone SE / 8 / 7'. Given that the previous iPhone SE was a 4-inch device, this likely refers to the next generation model.

Additionally, Apple is once again selling AppleCare+ for the iPhone SE. This is notable as the company's AppleCare page says the protection plan is only available to purchase for the iPhone 7 and newer.








from iClarified - Apple News and Tutorials https://ift.tt/3dQfn9f

Apple News Currently Down for Some Users

Apple News appears to be running into problems this morning, with social media chatter indicating the service is down for many users.

Apple's System Status page isn't reporting issues with its News service, but launching the iOS app and tapping the Today tab is throwing up a "Feed Unavailable" message for many users. However, other sections of the app do appear to be functioning.

MacRumors was able to replicate the behavior on iPhone and iPad, but the service appears to be working when accessed through the macOS app, at least in the United Kingdom.

According to Downdetector, the problem is mainly being reported by users in the United States and the United Kingdom. We'll update this article when the situation changes.


This article, "Apple News Currently Down for Some Users" first appeared on MacRumors.com




from MacRumors: Mac News and Rumors - All Stories https://ift.tt/39EzbsX

2020 iPad Pro Includes Microphone Hardware Disconnect Security Feature

Apple has added an anti-eavesdropping feature to the 2020 iPad Pro that ensures the microphone hardware is disabled when a case is attached to the iPad and closed.


The security feature was first introduced in 2018 in MacBook models using Apple's T2 security chip, which includes a hardware microphone disconnect feature that disables the mics when the notebook's lid is closed.

As spotted by 9to5Mac, an updated version of Apple's Platform Security document makes clear that the anti-eavesdropping feature is also available on all 2020 iPad Pro models when using an MFI-compliant case:

"iPad models beginning in 2020 also feature the hardware microphone disconnect. When an MFI compliant case (including those sold by Apple) is attached to the iPad and closed, the microphone is disconnected in hardware, preventing microphone audio data being made available to any software—even with root or kernel privileges in iPadOS or in case the firmware is compromised."

Apple updated the 11-inch and 12.9-inch iPad Pro models last month with a faster A12Z Bionic chip, a new 10MP Ultra Wide camera to complement the traditional 12MP camera, and a LiDAR depth scanner for improved augmented reality experiences.

For some 2018 iPad Pro owners at least, these updates are relatively modest, but the new security features outlined in Apple's documentation may be enough to tempt more privacy-conscious users.

This article, "2020 iPad Pro Includes Microphone Hardware Disconnect Security Feature" first appeared on MacRumors.com




from MacRumors: Mac News and Rumors - All Stories https://ift.tt/3bLzmUJ

Thursday, 2 April 2020

Amazon Keeps Finding New Ways to Screw Over Its Warehouse Workers Amid Covid-19 Pandemic

Amazon has been scrambling to perform damage control amid alarming reports from employees and demands from lawmakers regarding its lackluster response to the covid-19 pandemic, but on Thursday the e-commerce giant’s PR crisis spiraled even further.




from Gizmodo https://ift.tt/2wQOYb0