Security researcher Linuz Henze found a macOS Keychain bug but won’t share it with Apple out of protest.
Henze has publicly shared legitimate iOS vulnerabilities in the past, so he has a track record of credibility. However, Henze is frustrated that Apple’s bug bounty program only applies to iOS, not macOS, and has decided not to release more information about his latest Keychain invasion.
It is odd that there isn’t a macOS bug bounty but I think withholding security information isn’t the way to go.
The team—Fluoroacetate—was crowned Master of Pwn with 45 points.
Security researcher Rafay Baloch found an iOS Safari spoofing exploit, and at this time there is no documented fix. Will iOS 12 patch it?
Charter won’t say how many people have been affected, although the company claims that the flaws weren’t actually exploited.
A new macOS zero day exploit has been found, and this one has been present in the operating system since 2002.
This is part of Project Zero’s modus operandi, as it routinely searches other companies’ software for bugs.
Dave Hamilton and John Martellaro join Jeff Gamet to discuss the HomeKit Zero Day exploit that was just revealed, plus John and Jeff get into a debate about whether the iPad should be considered a computer.
Apple may have patched most of the security flaws that Wikileaks revealed the CIA is exploiting, but not all of them. Apple has been scrambling trying to learn more about the remaining exploits and it looks like the help it needs is coming directly from Wikileaks. The organization said it plans to share everything it knows about the hacks with Apple, and it’s going to do the same for other tech companies the CIA targeted, too.
Dr. Mac says he doesn’t usually write about Apple’s minor operating system updates, but, if you’re using an iPhone, iPad, or iPod touch, you should update to iOS version 9.3.5 without delay. Read all about it in Dr. Mac’s Rants & Raves #190: Update your iOS 9.x Devices Now!