Social engineering, fake App Stores, hit iOS, Sophos warns

Credit to Author: Jonny Evans| Date: Thu, 13 May 2021 08:26:00 -0700

I didn’t entirely mean to focus on Apple device security for most of this week (see here and here), but new Sophos research should interest any enterprise working to enhance security awareness.

Breaking bad

The research looks at 167 counterfeit apps used to scam iOS and Android users. Those that impact Apple’s mobile OS particularly stood out, as they show the increasing sophistication of malware authors.

To read this article in full, please click here

Read more

Jamf adds zero trust security to the Apple enterprise

Credit to Author: Jonny Evans| Date: Wed, 12 May 2021 10:38:00 -0700

Read more

Enterprises need to get smart about iOS security

Credit to Author: Jonny Evans| Date: Tue, 11 May 2021 09:02:00 -0700

The XcodeGhost malware attack that allegedly affected 128 million iOS users is an excellent illustration of the kind of sophisticated attack all users should get ready to defend against as platforms become inherently more secure.

Designer label malware

XcodeGhost was an intelligent exploit that presented itself as a malware-infested copy of Xcode made available via websites targeting Chinese developers. Developers in the region downloaded it because it was easier to get than the real code because local networks wereunreliable.

To read this article in full, please click here

Read more

How long until Apple boots apps from its stores for privacy issues?

Credit to Author: Jonny Evans| Date: Wed, 28 Apr 2021 09:13:00 -0700

Apple will inevitably begin enforcing the privacy requirements it has put in place across its ecosystem, meaning developers who attempt to avoid or dissemble their way around these protections should expect action, including removal from the App Store.

What Apple is doing

Everyone recognizes how seriously Apple takes privacy. Statement by statement and all through iterative software and product releases, the company is making it crystal clear that it believes privacy is essential to achieve the potential of digital transformation.

To read this article in full, please click here

Read more

Details of how the feds broke into iPhones should shake up enterprise IT

Credit to Author: Evan Schuman| Date: Mon, 19 Apr 2021 03:18:00 -0700

Apple has an awkward history with security researchers: it wants to tout that its security is excellent, which means trying to silence those who aim to prove otherwise. But those attempts to fight security researchers who sell their information to anyone other than Apple undercuts the company’s security message.

A recent piece in The Washington Post spilled the details behind Apple’s legendary fight with the U.S. government in 2016, when the Justice Department pushed Apple to create a security backdoor related to the iPhone used by a terrorist in the San Bernardino shooting. Apple refused; the government pursued it in court. Then when the government found a security researcher who offered a way to bypass Apple security, the government abandoned its legal fight. The exploit worked and, anticlimactically, nothing of value to the government was found on the device.

To read this article in full, please click here

Read more