A widespread and sneaky phishing campaign is underway that pretends to be a purchase confirmation from the Apple App Store. These emails contain a PDF attachment that pretends to be a receipt for an app purchased by your account for $30 USD and tells you to click a link if the transaction was unauthorized. Once a user clicks the link, down the rabbit hole they go.
There is nothing in the email telling victims to open the attachment. Instead the attackers are relying on the victim saying “What the… ? I didn’t purchase an app” and opening the PDF to see what’s going on.
Apple tackled a bevy of vulnerabilities across all its platforms Tuesday. The wide-ranging security fixes came on the same day Apple announced a new laptop and Mac Mini, and a new iPad Pro.
Most notable of the patched vulnerabilities was a FaceTime bug, CVE-2018-4367. According to Apple’s security notes, it is a memory corruption bug through which a “remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.” The patch addresses the FaceTime bug on iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.
Read more about the patched Apple vulnerabilities on Threatpost.
Check Point has published its latest Global Threat Index for September 2018, revealing a near-400% increase in cryptomining malware attacks against Apple iPhones. These attacks are using the Coinhive mining malware, which continues to occupy the top position in the Index that it has held since December 2017.
Coinhive now impacts 19% of organizations worldwide. Check Point’s researchers also observed a significant increase in Coinhive attacks against PCs and devices using the Safari browser, which is the primary browser used by Apple devices.
Enterprises using Apple’s Device Enrollment Program (DEP) for mobile device management (MDM) enrollment, without adding secondary authentication, are placing themselves at risk for information exfiltration and attacks.
MDM is a common enterprise technology offered by multiple vendors, which enterprises use to keep a handle on employees’ mobile device usage. DEP is an Apple service designed to make MDM enrollment of iOS, macOS and tvOS devices easier. Research from Duo Labs, however, found that DEP only requires a serial number to enroll a device into an organization’s MDM server, which could allow an attacker to enroll a rogue device into the system.
Read more about how a lack of authentication in Apple’s DEP could allow attackers to obtain Wi-Fi passwords and VPN configurations on Threatpost.
A newly-revealed proof-of-concept attack can cause iOS devices to crash or restart with a mere 15 lines of code, a researcher revealed over the weekend. Sabri Haddouche, a security researcher at Wire, has tweeted the source code of the proof-of-concept (PoC) attack that restarts iOS devices – such as the iPhone or iPad – with just a few lines of specially crafted Cascading Style Sheets (CSS) and HTML code.
Haddouche, who came across the attack after looking at DoS attacks on browsers last week, said that users who open a specially formatted link from any iOS-based browser, or using Safari on macOS, are exposed to the attack. He has notified Apple and the tech giant is investigating the issue.
Read more about the newly discovered CSS-based attack on Threatpost.
Multiple apps developed by Trend Micro are no longer available in the Mac App Store after researchers showed they were collecting browser history and information about users’ computers. Apple recently removed Adware Doctor, a top security app, from its store, on the exact same grounds.
The apps are Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver, all under the developer account Trend Micro, Incorporated. Until removal, all products were top-sellers. Trend Micro denies that its apps were stealing user data. The company confirmed that some of its apps collected browser snapshots, but the behavior was disclosed in the EULAs of each product.
Apple has removed a very popular anti-malware app called Adware Doctor from the Mac App Store because it was gathering browsing history and other sensitive information without a user’s permission and then uploading it to someone in China.
Adware Doctor is promoted as an anti-malware and adware protection program that claims to be able to protect your Mac from malicious files and your browser from adware. This program was the #1 paid utility in the Mac App Store with a 4.8 star rating and over 7,000 reviews.
A teenager from Melbourne, unnamed for legal reasons, is now facing criminal charges after he allegedly accessed Apple’s network without permission, leading to the theft of documents and the apparent compromise of customer accounts.
As reported by The Age, the teenager managed to compromise “Apple’s mainframe” a number of times from his bedroom over the course of a year. The teenager reportedly downloaded roughly 90GB of content from the network which was stored in a folder called “hacky hack hack.”
Read more about the alleged network breach, which comes after iOS source code was leaked on GitHub, on TechRepublic.
Despite Apple’s supply chain being among the most closely monitored and analyzed in the world, its devices are not immune to all potential hacks. According to a report from Wired, it’s possible that a brand new Mac could be remotely compromised the first time it connects to Wi-Fi out of the box.
Such attacks were demonstrated during the Black Hat security conference. The attacks target enterprise devices that use Apple’s device enrollment program (DEP) and its Mobile Device Management (MDM) platform.
Read more about the new Wired report revealing a common vulnerability in Macs that exploits DEP and MDM platforms, on TechRepublic.
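The two DEP items above both come down to the same point: an enrollment decision made on a device serial number alone, with no second factor tied to a person. The following Python sketch is an added illustration of that gap and of the secondary-authentication mitigation the first item recommends; it is not code from Duo Labs, Apple or any MDM vendor, and the serial numbers, user names, signing key and token format are all constructed for the example.

```python
# Added illustration of serial-only enrollment versus enrollment gated by a
# user-bound, time-limited token. Everything here is constructed for the
# example; it is not Apple's DEP/MDM API or any vendor's implementation.
import hashlib
import hmac
import time

# Stand-in for a server-side signing key kept by the MDM server (constructed)
SERVER_KEY = b"constructed-demo-signing-key"

# Serial numbers the organization registered with DEP (constructed values)
DEP_SERIALS = {"C02ABC123DEF", "C02XYZ789GHI"}

# How long an issued enrollment token stays valid, in seconds (assumption)
TOKEN_TTL = 600


def enroll_serial_only(serial):
    """Weak mode: the device is enrolled as soon as a registered serial is presented.
    Nothing here ties the request to an authenticated person."""
    return serial in DEP_SERIALS


def issue_enrollment_token(serial, user, now=None):
    """Server side: after the user has authenticated (e.g. SSO), issue a token
    bound to this serial, this user and the current time."""
    ts = int(time.time() if now is None else now)
    msg = f"{serial}|{user}|{ts}".encode()
    mac = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def enroll_with_secondary_auth(serial, user, token, now=None):
    """Hardened mode: serial must be registered AND the request must carry a
    valid, unexpired token bound to the same serial and user."""
    if serial not in DEP_SERIALS:
        return False
    try:
        ts_text, mac = token.split(":", 1)
        ts = int(ts_text)
    except (ValueError, AttributeError):
        return False
    current = int(time.time() if now is None else now)
    if current - ts > TOKEN_TTL or ts > current:
        return False            # expired or from the future: reject
    expected = hmac.new(SERVER_KEY, f"{serial}|{user}|{ts}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


if __name__ == "__main__":
    serial = "C02ABC123DEF"
    print("serial-only:", enroll_serial_only(serial))
    tok = issue_enrollment_token(serial, "alice")
    print("alice with token:", enroll_with_secondary_auth(serial, "alice", tok))
    print("same token, other user:", enroll_with_secondary_auth(serial, "bob", tok))
```

The weak path returns True for any request that knows a registered serial, which is the condition the Duo Labs research describes. The hardened path refuses the same request unless it also carries a token that only an authenticated user could have obtained, and that token cannot be reused for a different user or after its window closes. Real MDM products expose this as a "require user authentication during enrollment" style setting; the token mechanics above are a simplified model of that idea, not a description of any product.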
Mac forensics guru Sarah Edwards, who blogs under the cool nickname of mac4n6 (say it out loud slowly and deliberately), recently wrote about a rather worrying Mac password problem.
Another Mac password problem, that is – or, to be more precise, yet another password problem.
Apple has ended up with password egg on its face twice before since the release of macOS 10.13 (High Sierra).
First was the “password plaintext stored as password hint” bug, where macOS used your password as your password hint, so that clicking the hint button after plugging in a removable drive would immediately reveal the actual password instead.
Read about the new macOS 10.13 High Sierra password vulnerability, which leaks users’ passwords in plain text, on the Sophos blog.