Tag Archive for: Apple’s

A Leak Details Apple’s Secret Dirt on Corellium, a Trusted Security Startup

/in


Zach Edwards, an independent privacy and security researcher, says that “sensitive technology cannot be haphazardly sold to any company, in any country in the world.”

“While Corellium is a reverse-engineering tool that doesn’t intrinsically create risks through its sale, the core purpose of the tool is to reverse malware,” Edwards says. “And if you sell the product to malware developers in countries averse to Western interests, we should assume that this tool will be used to improve malware.”

A person who tried Corellium in the past, who asked to remain anonymous because they were not allowed to speak to the press, says that “given what’s happening in the world today, you shouldn’t be dealing with Russian companies,” such as Elcomsoft. 

Elcomsoft’s CEO Katalov says that “the decision to work with a company based in Russia is a personal choice.”

“Please rest assured that we still strive to provide the best software and services, and trying to keep good relationships with our customers all over the world,” he adds. “We will just keep doing our job, making the world a safer place and battling the crime.”

Adrian Sanabria, a cybersecurity veteran, says that it’s not surprising that “groups interested in creating iOS exploits would be using a platform designed for iOS security research.” 

“For me, the core takeaway is that Apple created the need for platforms like Corellium by not providing the tools, access, and transparency the market needs and desires,” he says.

Danger Zones

Some of the organizations and companies linked to Corellium in the document come from countries seen as controversial by most people in the cybersecurity community in the West, including Alex Stamos, who acted as an expert witness for Corellium in the lawsuit against Apple.  

“I personally don’t believe it would be ethical to sell exploits to Saudi Arabia,” Stamos, the director of Stanford University’s Internet Observatory, said during testimony he provided in the lawsuit between Apple and Corellium, which is quoted in the document.  

Stamos also expressed doubts about selling products to the United Arab Emirates, whose government had a close relationship with…

Source…

What can we learn from Apple’s new Lockdown Mode?

/in


APPLE has recently announced a new feature, Lockdown Mode, which secures iOS users who might be personally targeted by sophisticated cyber threats.

Lockdown Mode dramatically reduces mobile devices’ attack surface to prevent cyber threats from reaching the user.

This initiative validates what has been known for a long time, mobile devices are inherently exposed to cyber threats.

The importance of mobile security

The development and release of Apple’s new Lockdown Mode feature stresses the importance of mobile security.

Moreover, Apple is not alone; Samsung is also working to enhance the safety of its Galaxy gadgets and recently announced a cooperation with Google and Microsoft to bolster mobile security.

This comes as no surprise to those who manage mobile devices on a daily base.

Using mobile devices for personal and work purposes can expose users to social engineering methods. This has not gone unnoticed by cybercriminals.

Over the past year, researchers at Check Point have observed threat actors’ increased focus on mobile devices.

They leverage social networks and messaging apps to carry out single or even zero-click attacks.

In addition, the vast array and automation of attack tools have enabled attackers to launch large-scale campaigns that are more complex with relative ease.

Apple’s Lockdown mode also addresses files as the main threat vector.

Malicious files have been used in a variety of attacks, including state-level attacks, but they are one of the most overlooked vectors in mobile security.

Malicious PDF, GIF images, and Excel sheets can facilitate cyberattacks, yet most mobile security solutions do not regard them as a major risk.

What is Lockdown Mode and how does it work?

Apple’s Lockdown mode is expected to be available in the fall on iOS 16, iPadOS 16 and macOS Ventura.

Its target is to dramatically reduce mobile devices’ available attack surface by blocking or disabling files and access.

While in lockdown mode:

Most message attachments are blocked – Apple recognised files as an emerging attack vector on mobile devices. In lockdown mode, the download of most message attachment types (other than images) is completely blocked. Other features, like…

Source…

Fanless vs. Active-Cooled M2: How Does Apple’s CPU Fare in the New MacBooks?

/in


Apple’s newest processor, the M2 chip, has arrived in two 2022 models of its seminal laptops: the 13-inch version of the MacBook Pro, and in the redesigned MacBook Air. The laptops have a lot in common, but despite both using the M2, the chip is slightly different, and implemented in different ways, in each one.

So, which of the two new M2-powered MacBooks offers the better performance? After testing both, we’re ready to compare the numbers and give you the answer.

The M2 MacBooks (So Far): Configuration and CPU Nuances

In theoretical terms, the cheapest MacBook Pro 13-inch should easily outperform the cheapest M2 MacBook Air, because the Air starts with an eight-core GPU (offering the 10-core GPU as an optional extra), and the MacBook Pro 13 only comes with the 10-core version.

Apple MacBook Air (2022, M2) lid


(Credit: Molly Flores)

However, of the two review units we tested, neither one is the base model. For the MacBook Pro 13-inch, our test system has a little extra memory and larger storage, while the M2 MacBook Air also has the boosted 10-core GPU and same 16GB of memory and 1TB of storage. Both test configurations sell for $1,899.

One benefit of having the two models with such similar configurations is that we can safely compare them head-to-head, without having to worry about memory or storage differences having an impact on the performance.

The M2 Apple MacBooks We’ve Tested

Apple MacBook Air (2022, M2)


Apple MacBook Pro 13-Inch (2022, M2)

One thing that needs elaborating on, though: the cooling systems in these two laptops, which take two very different approaches. The MacBook Air and the MacBook Pro 13-inch offer two packages for the same M2 chip. The biggest difference between the two new MacBook models—more important than any cosmetic differences by far—is how they cool that M2 chip inside. The Air sticks to passive cooling, letting the natural flow of air and some heat sinks do the job of keeping the CPU from getting too hot.

The MacBook Pro 13-inch, on the other hand, uses a pair of fans, actively drawing in cool air and forcing out the hot. That’s an important difference, since the active airflow can be sped up when needed, and used to maintain cooler temperatures even when the hardware wants to get hot, such as when running multiple…

Source…

Apple’s Lockdown Mode: An ‘extreme’ option for the few

/in


This week, Apple announced a new “extreme, optional” security feature called Lockdown Mode that is aimed at a very small minority of users who are at risk of being deliberately targeted by cyberattacks “from private companies developing state-sponsored mercenary spyware.” It will launch with iOS 16, iPadOS 16, and macOS Ventura this fall. 

Lockdown Mode is designed to block a category of hyper-targeted hacks that are generally used by governments (or private companies with support from governments) against activists, dissidents, journalists, and high-level business people. Although there are presumably other, similar exploits that have not been exposed, the most infamous of these is the spyware called Pegasus

Pegasus, developed by the (now sanctioned) Israeli technology firm NSO Group, turns iPhones and Android smartphones against their users. It’s basically the stereotypical Hollywood hack: The attackers have access to pretty much everything on the device, can intercept calls and messages, and even use the microphone, camera, and GPS to record and track people. Crucially, Pegasus can be a “zero-click” exploit, meaning that it can be installed without the user doing anything; at one point, phones could even be infected through a missed WhatsApp voice call

Cybersecurity typically involves a tradeoff between convenience and security. If you want your computer to be very difficult to hack, don’t connect it to the internet—lock it in a secure room in your house. No viruses! But also no email, Amazon, or Minecraft. Modern iPhones, iPads, and Macs come with loads of features that make them fast, convenient, and easy to use, but these same features also give hackers large “attack surfaces” to work with. Lockdown Mode turns off a lot of these features, or at least makes them disabled by default, at the expense of a great user experience. 

Some of the features that get disabled by Lockdown Mode, for example, are the speed and efficiency technologies in a bit of software called WebKit (which powers Safari). Web pages that haven’t been flagged as “trusted” will take longer to load and may be jankier to use, but those web pages…

Source…