‘SolarWinds’ Hackers Used iOS Zero Day Against Government Officials

· Andrew Orr · Link

The Russian hackers behind the SolarWinds attack used an iOS zero-day to steal credentials from Western European governments.

Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said.

Google published a blog post about zero-days here, and you can read coverage from Ars Technica at the link below.

How Apple Arcade Shows an OS Merger Isn’t Wise

· Andrew Orr · Link

Alex Blake of Digital Trends writes about how the nature of Apple Arcade shows the pitfalls of merging iOS and macOS.

You see, Apple Arcade is a showcase for all that’s wrong with taking two very different operating systems and mashing them together into a mixed-up medley where no one wins. Because developers have to make games that work on the tiniest iPhone and the largest iMac, they are forced into compromises that weaken the games on both platforms.

I see his point and I think I agree with him. No one wins except maybe the lowest common denominator. Maybe the more powerful M1 chip would change that, but probably not. iPadOS apps haven’t yet taken full advantage of the chip, as one example.

WWDC 2021: New Features Coming to iOS 15

· Andrew Orr · Product News

Many new features are coming to iOS 15, and privacy is just part of the announcement. Here are the other major features.

WebKit Flaw Crashes Safari, Could Lead to Further Exploits

· Andrew Orr · Link

A WebKit flaw on iOS and macOS can cause Safari to crash and could lead to further malicious attacks.

The vulnerability stems from what security researchers call a type confusion bug in the WebKit implementation of AudioWorklet, an interface that allows developers to control, manipulate, render, and output audio and decrease latency. Exploiting the vulnerability gives an attacker the basic building blocks to remotely execute malicious code on affected devices.