Tag Archive for: apple

Parliament Panel May Summon Apple Officials Over ‘Hacking’, Say Sources


1 November, 2023 | Srishti Ruchandani



The Parliamentary Standing Committee on Information Technology (IT) is reportedly considering summoning Apple officials for an upcoming meeting to address recent alerts related to “state-sponsored attacks” sent to Opposition leaders and other public figures in the country on their iPhones, according to an official from the committee’s secretariat. “The committee’s secretariat has expressed ‘deep concern’ and is treating the matter with the ‘utmost seriousness’,” the official said.

This issue came to light when several Opposition leaders claimed to have received notifications from Apple regarding “state-sponsored attackers” attempting to compromise their iPhones, and they accused the government of being involved in hacking. The government has denied these allegations and has stated that a thorough investigation will be conducted.

Shiv Sena (UBT) MP Priyanka Chaturvedi, Aam Aadmi Party’s (AAP) Raghav Chadha, and some aides of Congress MP Rahul Gandhi also received the message from Apple.

Some others who received similar alerts included think-tank Observer Research Foundation (ORF) president Samir Saran, an OSD of Delhi Chief Minister Arvind Kejriwal, and The Wire’s founding editor Siddharth Varadarajan.

Apple, in response to the controversy, issued a statement clarifying that they did not attribute the threat notifications to any specific state-sponsored attacker and suggested that the notifications might be false alarms.

The government expressed its concern and confirmed the initiation of an investigation into the incident. They also noted that Apple had issued a similar advisory in nearly 150 countries, and the alerts were considered vague in nature.

IT minister Ashwini Vaishnaw rejected the opposition’s attack on the government, saying the “compulsive…


Apple sounds alarm over hacking, govt orders probe


Messages from Apple to iPhones of several Opposition lawmakers and journalists warning them that they could be potential targets of an unspecified ‘state-sponsored’ privacy attack raised a furore in India Tuesday, prompting New Delhi to order a probe of the reported bids to hack into the seemingly breach-proof mobile devices caught in the poll-season political maelstrom.

“The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications,” electronics and IT minister Ashwini Vaishnaw said in a post on social platform X. “In light of such information and widespread speculation, we have asked Apple to join the probe with real, accurate information on the alleged state-sponsored attacks.”


Users facing such attacks are “individually targeted because of who they are or what they do”, said Apple’s alert message. The company later said in a statement that it did not attribute to a “specific state-sponsored attacker” the threat warnings sent to the iPhone-users.


MoS for electronics and IT Rajeev Chandrasekhar said that the government will investigate these threat notifications and also Apple’s claims that its devices are secure and privacy compliant.


‘Can’t Provide Info on Cause’

“After today’s ‘threat notifications’ being received by many people including MPs and those in geopolitics, we expect Apple to clarify the following: If its devices are secure, why are these ‘threat notifications’ sent to people in over 150 countries? Because, Apple has repeatedly claimed their products are designed for privacy,” Chandrasekhar said on X. Since early Tuesday, Opposition leaders such as Trinamool Congress’ Mohua Moitra, Shiv Sena (Uddhav)’s


New speculative execution hack can expose passwords and other sensitive data on Apple SoCs


TL;DR: Researchers at Georgia Tech have developed a side-channel exploit for Apple M-series and A-series chips running macOS and iOS. The attack, cleverly dubbed iLeakage, can force Safari and other browsers to reveal Gmail messages, passwords, and other sensitive and private information.

iLeakage works similarly to the Spectre and Meltdown exploits that gave chip manufacturers so much trouble in 2018. The attack leverages the speculative execution feature of modern processors to gain access to information that would normally be hidden.

The method Georgia Tech developed is not a simple matter. While it doesn’t require specialized equipment, the attacker must have a decent knowledge of reverse engineering Apple hardware and side-channel exploits. It also involves creating a malicious website that uses JavaScript to covertly open another webpage, Gmail, for example, to scrape data into a separate popup window on the hacker’s computer. It’s not a hack that script kiddies could execute.

https://www.youtube.com/watch?v=Z2RtpN77H8o

The technique can reveal the contents of an email so long as the user is logged into Gmail (masthead video). It can also grab credentials if the victim uses a password manager’s auto-fill function (above). Theoretically, the exploit could show the hacker practically anything that goes through the processor’s speculative execution pipe. Below they demo how it can access a target’s YouTube history.

iLeakage utilizes WebKit, so it only works with Safari on Macs with an M-series chip (2020 or later). However, any browser on recent iPhones or iPads is vulnerable since Apple requires developers to use its browser engine on those operating systems. It is unclear if the method could be tweaked to use non-WebKit browsers in macOS.

Although there is no CVE tracking designator, Georgia Tech notified Apple of the security issue on September 12, 2022. Cupertino developers are still working on fully mitigating it. At the time of public disclosure, Apple had patched the vulnerability in macOS, but the fix is not on by default and is considered “unstable.” The researchers listed steps to enable the…


Yikes: Apple Patches 3 New Zero-Day Exploits for iOS, MacOS


Apple today released a fix for a trio of iOS vulnerabilities that hackers may already be exploiting.

Apple issued emergency patches for iOS 16 and the newly launched iOS 17, as well as iPadOS, Safari, watchOS and macOS Ventura and Monterey. 

Although details are thin, the vulnerabilities were discovered by two security researchers, according to Apple. The first, Bill Marczak, works for Citizen Lab, a watchdog group that investigates spyware attacks from commercial surveillance companies. The other, Maddie Stone, is a researcher at Google’s Threat Analysis Group, which is dedicated to protecting users from state-sponsored hackers and commercial spyware dealers. 

Google and Citizen Lab didn’t immediately respond to requests for comment. But it’s likely the two security researchers uncovered the vulnerabilities while investigating an attack on user devices. The fixes also come two weeks after Citizen Lab discovered a new iOS attack allegedly from notorious spyware dealer NSO Group that infected a device belonging to an employee at a “Washington DC-based civil society organization.”  

The first vulnerability, CVE-2023-41993, involves WebKit, the browser engine for Safari. The researchers discovered the engine can be manipulated to execute rogue computer code if it processes certain web content. Hence, the vulnerability could be paired with a malicious message or website to potentially trigger an iPhone to download malware.

The second vulnerability, CVE-2023-41992, can affect iOS’s kernel, the core part of the operating system. Exploiting this bug can help an attacker elevate their privileges over the OS, enabling them to install programs or gain access to sensitive data. 

Meanwhile, the third vulnerability, CVE-2023-41991, can allow a malicious app to potentially “bypass signature validation,” enabling an attacker to circumvent the security check Apple uses to verify an iOS app is safe and legitimate. 


All three vulnerabilities also affect macOS Ventura, with Apple warning, “additional CVE entries coming soon,” a sign that other exploits have been found. 

To update an iPhone, go to Settings > General > Software Update. The device can also…
