security flaw
Apple M1 Chips Have ‘Unpatchable’ Security Flaw, Say MIT Researchers
Researchers from MIT CSAIL have discovered a hardware vulnerability in Apple's M1 chips that they say cannot be fixed with a software patch — reports Macworld. According to the researchers, the problem lies with the M1's use of pointer authentication. Pointer authentication is a safety feature designed to protect the CPU from bad actors who gain...
Microsoft Discovers macOS Security Flaw ‘Powerdir’
Microsoft has just discovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s TCC technology, thereby gaining unauthorized access to a user’s protected data. For those who aren’t familiar, TCC in macOS helps users configure the privacy settings of their apps, such as access to the device’s camera, microphone,...
macOS Big Sur 11.3 Fixes Critical Security Flaw in Gatekeeper
The latest iteration of Apple's computer operating system, macOS 11.3, launched earlier today, alongside iOS 14.5, iPadOS 14.5, tvOS 14.5 and watchOS 7.4. According to Mashable, there's a lot more to the update than gaming keyboard layouts and new intuitive features — macOS 11.3 comes with a fix for a critical (yet largely unreported) security vulnerability...
Updating to macOS 10.13.1 Undoes Apple’s ‘Root’ Bug Patch
Apple's quick patch for the recently discovered "root" user bug can be undone by upgrading to macOS 10.13.1. According to a Wired report on Friday, multiple users have confirmed that upgrading from macOS 10.13.0 High Sierra to the latest version 10.13.1, released at the end of October, disables Apple's security patch for the root user login flaw. In particular, users...
Google Security Researcher Reveals Android WiFi Security Flaw, iOS 10.3.1 Patched
A Google Project Zero researcher has found some critical vulnerabilities, including a remote code execution flaw, in Broadcom’s Wi-Fi system-on-chip (SoC) which, if exploited, can allow attackers to compromise smartphones such as iOS and Android devices. In a blog post, the researcher, Gal Beniamini, revealed that a hacker within the range of a shared WiFi network will potentially...
iOS 10 Security Flaw Makes Backup Password Hacks 2,500 Times Quicker
There is a major security flaw in the iOS 10 backup protection mechanism, say ElcomSoft's security researchers. The flaw allows attackers to bypass certain security checks when enumerating passwords protecting local (iTunes) backups made by iOS 10 devices (via TNW). According to a blog post published today, Moscow-based Elcomsoft's security researchers have discovered that iOS 10 backups include...
iOS 9.3.1 Security Flaw Allows Access to iPhone 6s/6s Plus Contacts and Photos
After years of bug hunts, Apple's latest iOS (9.3.1) still has a flaw that allows anyone to bypass the passcode on a limited set of devices and access Contacts and Photos. The vulnerability seems to affect only the latest iPhone 6s and 6s Plus handsets, as 3D Touch is needed to replicate the bug...
OS X Vulnerability Allows Hackers to Control Your Mac
Apple has just released OS X 10.11.4, which patches a long list of vulnerabilities in the system, but it looks as though they forgot to patch one major flaw that gives hackers near-total control of any Mac. The zero-day vulnerability was discovered by SentinelOne, as reported by The Next Web. The major security flaw allows...
Researcher Discloses Privilege Escalation Vulnerability in OS X
Stefan Esser, a German researcher from security audit firm SektionEins, has disclosed a major OS X vulnerability, which affects OS X 10.10.x and is related to the new features added by Apple to its latest software (via ZDNet). As Esser details, the security flaw is related to the new environment variable DYLD_PRINT_TO_FILE that enables error...
iOS Mail Exploit Allows Clever Phishing Attacks, Says Researcher [VIDEO]
If you thought that Apple had ironed out iOS 8 by now, here is another reason to worry — especially if you are a power Mail app user: Ernst and Young security researcher Jan Soucek has uncovered a bug that leaves millions of iOS users vulnerable to phishing attacks (via The Register). Remember those password...
Apple to Patch Newly Uncovered FREAK Security Bug Next Week
Researchers have discovered a nasty bug that has been around since the 1990s. Dubbed "FREAK" for Factoring attack on RSA-EXPORT Keys, the security flaw allows hackers to conduct a "man-in-the-middle" attack and decrypt encrypted messages. The flaw affects Apple's, Google's, and other devices that use unpatched OpenSSL, reports the Washington Post. As the researchers point...
Adobe Issues Update for Critical Vulnerability in Flash Player for Mac and Windows
Yesterday, Adobe released a critical update for Flash Player that fixes a security vulnerability affecting Mac OS X, Windows, and Linux. The security flaw allows hackers to steal cookies that are used to authenticate users on many popular sites, including Twitter, Instagram, eBay, and Tumblr. If the attacker were to exploit this flaw on any...