Tag Archive for: ios

Microsoft adds Authenticator Lite for Outlook on iOS and Android for better email security


In March, we reported that Microsoft was working on a new feature called Authenticator Lite for its Outlook email apps for iOS and Android. This week, Microsoft confirmed that Authenticator Lite is now available in those Outlook mobile apps in general availability.

In a blog post, Microsoft stated:

According to research done by Microsoft, multifactor authentications completed via push notifications in the Microsoft Authenticator app are 71% less likely to be compromised than those completed via SMS codes. Therefore, we strongly recommend moving your users off phone transports for authentication and towards more secure methods such as push notifications. Authenticator Lite (in Outlook) expands the opportunity to convert users by bringing the enhanced security of push notifications to devices that have not yet downloaded the Microsoft Authenticator App.

The update to Outlook on iOS and Android means that users won't have to download the stand-alone Microsoft Authenticator app to get multi-factor authentication (MFA) security for the email app. Instead, when users launch the Outlook app after the latest update, they will be asked to register the app as an MFA-secured device.

Once that happens, people who need to sign into the app won't have to confirm their identity with a text message or a phone number. Instead, they will receive a push notification from the Outlook app itself. They will then be prompted to type in the number sent by the notification.

The app can also offer another level of security. In addition to the number prompt, it can ask the user for either a biometric or PIN verification if those methods are used on the smartphone.

The Outlook mobile app will continue to add new features in the coming months. That includes one on its roadmap called Message Reminders, which will place emails that require a response at the top of your inbox.


Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days


Apple on Friday pushed out a major iOS security update to fix a pair of zero-day vulnerabilities already being exploited in the wild.

The newest iOS 16.4.1 and iPadOS 16.4.1 updates cover code execution software flaws in IOSurfaceAccelerator and WebKit, suggesting a complex exploit chain was detected in the wild hitting the latest iPhone devices.

“Apple is aware of a report that this issue may have been actively exploited,” Cupertino says in a barebones advisory that credits Google and Amnesty International with reporting the issue.

The advisory documents two separate issues — CVE-2023-28205 and CVE-2023-28206 — that expose iPhones and iPads to arbitrary code execution attacks.

Apple described the IOSurfaceAccelerator flaw as an out-of-bounds write issue that was addressed with improved input validation.

The WebKit bug, which has already been exploited via web content to execute arbitrary code with kernel privileges, has been fixed with improved memory management.

The company did not say if the newly discovered exploits are capable of bypassing the Lockdown Mode feature that Apple shipped to deter these types of attacks.

The iOS patch comes alongside news from Google that commercial spyware vendors are burning through zero-days to infect mobile devices with surveillance malware.

In one of the two campaigns described by Google this week, an attack started with a link being sent to the targeted user via SMS. When clicked, the link took the victim to malicious websites delivering Android or iOS exploits — depending on the target’s device. Once the exploits were delivered, victims were redirected to legitimate websites, likely in an effort to avoid raising suspicion. 

The iOS exploit chain also hit a WebKit vulnerability (CVE-2022-42856) that Apple patched in iPhones in December 2022. Attacks also involved a Pointer Authentication (PAC) bypass technique, and an exploit for CVE-2021-30900, a sandbox escape and privilege escalation vulnerability that Apple patched in iOS in 2021. 

So far this year, there have been at least 24 documented zero-day vulnerabilities exploited in the wild prior to discovery.


Outlook for Android, iOS to get own Multi-factor authentication capability this month


Microsoft plans to inject a dedicated multi-factor authentication (MFA) capability into Outlook for Android and iOS, and its general availability is expected to arrive this month.

Microsoft wants to make it easier for its Outlook users to perform MFA. To that end, the Redmond company revealed in its latest Microsoft 365 roadmap entry that it will introduce a so-called “Authenticator Lite” in the app. According to the feature description, it will cover work or school accounts being used on the Microsoft 365 app, Azure Active Directory, and Outlook.

“Authenticator Lite (in Outlook) is a feature that allows your users to complete multi-factor authentication (MFA) for their work or school account using the Outlook app on their iOS or Android device,” the roadmap entry reads.

Despite this, it is important to note that the company already offers the Microsoft Authenticator that Android and iOS users can use for Outlook, other Microsoft products, and other third-party applications. And while introducing the Authenticator Lite might sound redundant for those who already have the Microsoft Authenticator, this will make Outlook a more comprehensive app armed with its own MFA feature. Additionally, this might be one of the software giant’s initiatives to further boost the security capabilities of Outlook as more authorities put scrutinizing eyes on tech companies.

Last month, the director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, called out Microsoft and Twitter due to the low MFA usage rate among their customers. According to Easterly, only one-quarter of Microsoft’s enterprise customers use it. The official, meanwhile, praised Apple for the high usage rate of the security feature due to its decision to make the feature a default.

Microsoft is also determined to promote the use of MFA in its products, starting with Outlook. However, instead of going the same path Apple is taking by making MFA default, it seems the software company wants to achieve this by making the security feature more convenient and accessible to encourage more users to embrace it. Once Authenticator Lite is completely rolled out, we will see how effective this…


Robinhood’s wallet app is now available to all iOS users



Robinhood announced Wednesday that its self-custodial crypto wallet app is now available for all users on iOS. The wallet first debuted last September in beta with 10,000 users and no network charges for swapping Polygon’s MATIC tokens. In January, the company rolled it out to over 1 million users on the waitlist.

While the app first launched exclusively with Polygon, the company has now included the Ethereum blockchain in the fold along with support for more than 50 ERC tokens like COMP, MATIC, SHIB, SOL, UNI, USDC, and more.

“Users told us they want access to more coins on more chains, which is why we’ve quickly added support for Ethereum. While we recognize it’s been a tumultuous few months in the crypto space, we remain committed to our mission to make Robinhood the most trusted, lowest cost, and the easiest-to-use on-ramp to crypto,” Johann Kerbrat, GM of Robinhood Crypto, said in a blog post.

The Robinhood Wallet also lets users hold their Polygon and Ethereum-based NFTs. Plus, they can access dApps like Uniswap, Balancer, and Kyberswap. The company noted that it will still not charge any network fees on Polygon.

The fintech company said that for security, users will have to set up a Face ID/Touch ID unlock or a custom PIN to access the app every time. Plus, just like other self-custodial wallets like MetaMask, users will have to generate and store a recovery phrase.

Robinhood said that the app is available across 130 countries on the Apple App Store, and it is working on launching the Android version later this year.

Earlier this week, the US Securities and Exchange Commission (SEC) subpoenaed the company over its cryptocurrency dealings. Meanwhile, robo-advisor company Wealthfront has launched a rival stock trading solution that lets users invest as little as $1.
