Displaying items by tag: Apple

Apple has rushed to release patches for CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 all of which are in the WebKit Browser engine and across all Apple platforms (IOS, IpadOS and macOS). These three flaws have also been seen to be actively exploited in the wild. This increases the significance of them and should be remediated as soon as possible by applying any available patches.

After learning that there were malicious ads containing links to ChatGPT apps (for Windows), Apple launched a legitimate app for IOS. The app brings the very popular LLM to Apple users at a time when some are becoming more hesitant about its use. It has not been that long since Samsung accidentally leaked confidential information via the platform. This prompted both Microsoft (a heavy investor) and OpenAI themselves to start work on private environments where data put into the model is not used to train it.

I’ll take stupid features for $500 Alex. It seems that Apple is looking to deploy a feature that would allow your phone to sound and reply just like you do. The feature called “Personal Voice” uses a form of AI to replicate the sound and speech pattern of your voice in as little as 15 minutes (queue GEICO joke here). The feature is part of an update to their built-in accessibility features toolkit and on the surface is intended to help people that have speech challenges. Personal Voice can be used for in-person conversations and via phone calls. This feature will be tied to something called Live Speech which allows someone to type in messages and have them spoken by your phone.

Two new variants of Cobalt Strike written in Ggoogle’s Golang have popped up on the wild internet. According to SentinelOne, this new flavor is set up to target macOS systems. They have also noted that this new beacon (called Geacon) has been popping up on malware review sites like Virus Total in the past few months. The new detections could be part of red-teaming exercises, but the increase seems to indicate that real-world malicious activity is also part of the surge in detections.

A couple of weeks ago Meta, Facebook’s parent company, announced that they were losing money (to the tune of $10 Billion) due to changes in the way Apple mobile devices handle user tracking by apps. The move by Apple was a bit of a surprise considering some of Apple’s history, but when you consider that Apple and Meta will probably be VR competitors it was not that much of one. The announcement also caused many to wonder if Google would follow suit.

Yesterday Apple released several patches for their different operating systems. One that we have talked about before is a core bug in Apple’s WebKit based Safari. This bug could potentially leak personal information regardless of the privacy settings you had enabled. In macOS you could always change to another browser that was not WebKit based. On iOS, iPadOS, watchOS and other app store locked devices there was no option as Apple requires every browser to use WebKit for its render engine.

When you are hunting, finding out where your target frequents and laying in wait is an often-used tactic. If your information is good, you are going to have a successful hunt. The same is true in cybersecurity, both from an attacker and researcher perspective. These attacks are called watering hole attacks. You are looking for your intended target to come and “take a drink” so you can spring your trap.

It seems that Apple may have an issue with their AirTags, the small tracking devices that use the Apple device network to help you find items that you have put trackers on. They are similar although much more effective than items like Tile. The problem is that since these trackers can ping out to any Apple device, there was a chance that they could be used for shady purposes. This possibility was brought up when they were launched and surprisingly, Apple listened. They added in methods to detect if someone is tracking you using an AirTag. True, not releasing something like this would have been better, but some protection is better than nothing.

All good things must come to an end. In April of 2013 we published an article that Apple and their iOS based devices would begin to slide in 2016. It was in response to a survey/analysis claiming that Apple would reclaim the crown from Google by 2016 and dominate through 2018. For some reason the technical and financial press were jumping at the announcement for Windows phone 8.x. The fact that Windows phone held a single digit market share at the time did not seem to matter to them.

It is said that nature abhors a vacuum and that is certainly true. Something will come along to fill the void if we let nature take its course. Unfortunately this law is a little mutated in the consumer electronics market and especially in the PC component world. Here is reads; the market cannot stand not having an “It” technology, so we much create one. It seems that the last few years we have been watching this happen.