Apple doubles its top bug bounty payout to $2 million
Five years after it was launched, Apple has announced major changes to its bug bounty program. The Apple Security Bounty program is entering what the company describes as a “new chapter”, and the headline change is a massive boost to the payments made for the discovery of the most serious types of security issues.
In addition to this and other changes, Apple also reveals that it has paid out over $35 million to more than 800 security researchers since the scheme launched in 2020. The company points out that many of these payouts were for $500,000. But the focus here is what is happening in the future.
Apple issues critical updates for iPhones, iPads and Macs after the discovery of a serious security flaw
Apple has issued a warning about a security flaw that could be used to take full control of iPhones, iPads and Macs. The company says that the vulnerability "may have been actively exploited" and has issued a slew of updates to patch the problem.
Going some way to prove that it is not just Windows that suffers serious security issues, this vulnerability is tracked as CVE-2022-32893. The potential impact of the flaw is so wide because it stems from a bug in Safari’s WebKit rendering engine.
Microsoft reveals 'powerdir' macOS vulnerability that allows unauthorized user data access
Microsoft has revealed details of a security vulnerability in macOS that could be exploited to gain unauthorized access to user data.
The vulnerability, which has been named 'powerdir' and is being tracked as CVE-2021-30970, involves a logic issue in the Transparency, Consent and Control (TCC) security framework. The security and privacy problem was discovered by the Microsoft 365 Defender Research Team and was reported to Apple in mid-July last year.
macOS has an unpatched Finder vulnerability that hackers can use to run arbitrary commands
Apple makes much of the security of its products, but vulnerabilities are certainly not unknown. SSD Secure Disclosure has revealed details of a zero-day flaw affecting Finder in macOS. It can be exploited to run arbitrary commands without displaying any messages, prompts or warnings.
The vulnerability was discovered by independent security researcher Park Minchan, and it is present in macOS Big Sur and earlier. The flaw relates to the way macOS processes .inetloc (internet location) files and Apple has made a poor, easily circumvented attempt to fix it in the most recent version of its Mac operating system.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.