Connect with us

Tech

Apple releases iOS 15.2.1 to patch iPhones and iPads against HomeKit flaw – TechCrunch

Published

 on


Apple has fixed a security vulnerability in iOS and iPadOS that could be exploited via HomeKit to launch persistent denial of service (DoS) attacks.

The technology giant released iOS 15.2.1 and iPadOS 15.2.1 on Wednesday to patch the so-called “doorLock” flaw, which was disclosed earlier this month by security researcher Trevor Spiniolas. The bug affects iPhones and iPads running iOS 14.7 through iOS 15.2 and is triggered via HomeKit, Apple’s smart home platform that lets Apple users configure, communicate with and control their smart home devices.

To exploit the bug, an attacker would need to change the name of a HomeKit device to a string larger than 500,000 characters. When that string loads on a user’s iPhone or iPad, the device’s software would be thrown into a denial of service (DoS) state, requiring a forced-reset to unfreeze. But once the device reboots and the user signs back into the iCloud account linked to HomeKit, the bug is triggered again.

Even if a user doesn’t have any devices added on HomeKit, an attacker could create a spoof Home network and trick a user into joining via a phishing email. Worse, Spiniolas warned that attackers could leverage the doorLock vulnerability to launch ransomware attacks against iOS users, locking devices into an unusable state and demanding a ransom payment to set the HomeKit device back to a safe string length.

Spiniolas said that Apple pledged to fix the issue in a security update last year, but this was pushed back until “early 2022,” prompting Spiniolas to disclose the bug fearing the delay poses a “serious risk” to users.

“Despite them confirming the security issue and me urging them many times over the past four months to take the matter seriously, little was done,” he wrote. “Status updates on the matter were rare and featured exceptionally few details, even though I asked for them frequently.”

“Apple’s lack of transparency is not only frustrating to security researchers who often work for free, it poses a risk to the millions of people who use Apple products in their day-to-day lives by reducing Apple’s accountability on security matters.”

The update can be downloaded now and is available for the iPhone 6s and later, all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later and iPod touch (7th generation).

Adblock test (Why?)



Source link

Continue Reading

Tech

Safari exploit can leak browser histories and Google account info – Yahoo Movies Canada

Published

 on


Apple device users appear to be vulnerable to a significant browser privacy flaw. According to 9to5Mac, FingerprintJS has disclosed an exploit that lets attackers obtain your recent browser history, and even some Google account info, from Safari 15 across all supported platforms as well as third-party browsers on iOS 15 and iPadOS 15. The IndexedDB framework (used to store data on many browsers) is violating the “same-origin” policy that prevents documents and scripts from one location (such as a domain or protocol) from interacting with content from another, letting appropriately coded websites deduce Google info from signed-in users as well as histories from open tabs and windows.

The flaw only compromises the names of the databases rather than the content itself. However, this would still be enough for a malicious site owner to grab your Google username, discover your profile picture and otherwise learn more about you. The history could also be used to piece together a rudimentary profile of the sites you like. Private browsing won’t defeat the exploit, FingerprintJS said.

We’ve asked Apple for comment. FingerprintJS said it reported the issue on November 28th, however, and that Apple hadn’t yet addressed it with security patches honoring same-origin policy. Until then, the only solution may be to either use a third-party browser on Macs or block all JavaScript, neither of which is necessarily an option.

Adblock test (Why?)



Source link

Continue Reading

Tech

Apple Will Reportedly Be Requiring Covid-19 Boosters for Its Store and Corporate Workers – Gizmodo

Published

 on


A health worker prepares to administer a dose of Moderna Covid-19 vaccine at the Bang Sue Grand Station, Bangkok.
Photo: Peerapon Boonyakiat/SOPA Images/LightRocket (Getty Images)

Apple now considers covid-19 booster shots to be an important element in protecting its workers and will be purportedly requiring employees to show proof that they’ve gotten the additional dose to access its premises, according to an internal email seen by the Verge.

On Saturday, the Verge reported that Apple would be requiring its retail and corporate employees to get a covid-19 booster shot once they are eligible for one. According to the Centers for Disease Control and Prevention, individuals who received Pfizer-BioNTech and Moderna vaccines can get a booster five months after their first two shots. Those who receive the one-dose Johnson & Johnson shot are eligible to get boosted two months after vaccination.

As told by the Verge, Apple workers will have four weeks to comply with the company’s booster requirement once they become eligible. If employees don’t get a booster within that time frame, they will be required to take frequent covid-19 tests to enter an Apple Store, partner store, or Apple office beginning on Feb. 15.

“Due to waning efficacy of the primary series of COVID-19 vaccines and the emergence of highly transmissible variants such as Omicron, a booster shot is now part of staying up to date with your COVID-19 vaccination to protect against severe disease,” Apple stated in the internal email, according to the Verge.

The memo also contained information for unvaccinated employees, which will be required to provide a negative covid-19 rapid antigen test before entering the workplace beginning on Jan. 24. Workers who have not provided proof of vaccination will also have to abide by this testing policy.

Gizmodo reached out to Apple on Sunday to confirm the Verge’s report, but we didn’t hear back by the time of publication. We’ll update this article if someone from the company gets back to us.

If the internal email is accurate, Apple would join Meta, owner of Facebook, WhatsApp, and Instagram, in requiring covid-19 booster shots for its employees. On Monday, Meta said that employees who are eligible to receive booster shots would need to provide proof of vaccination beginning on March 28 to enter its offices.

“Boosters provide increased protection,” a Meta spokesman told the Wall Street Journal. “Given the evidence of booster effectiveness, we are expanding our vaccination requirement to include boosters.”

Google hasn’t disclosed whether it will require its employees to get covid-19 booster shots but did say on Thursday it would require employees and contractors to have a negative covid-19 molecular test—which are generally more accurate and detect the presence of the coronavirus’ genetic material—such as a PCR test to access its offices or facilities. We reached out to Google to ask whether it would be requiring covid-19 booster shots for its employees on Sunday but haven’t heard back yet.

Amazon, meanwhile, purportedly isn’t using mandates to get people to get boosted, it’s using what it knows best: money. This past Thursday, the Information reported that Amazon was paying its hourly workers, including its 750,000 U.S. warehouse workers, $40 and offering them an extra (unpaid) day off to get a booster shot.

Gizmodo reached out to Amazon on Sunday to confirm whether this was indeed the case and ask if it planned to require boosters for all employees. We’ll update this article if someone from Amazon gets back to us.

Adblock test (Why?)



Source link

Continue Reading

Tech

Awesome Games Done Quick 2022 Raises Over $3.4 Million For Prevent Cancer Foundation – GameSpot

Published

 on


Awesome Games Done Quick 2022, the first of multiple charity speedrunning events run by the Games Done Quick Foundation, has ended with over $3.4 million raised for the Prevent Cancer Foundation.

139 speedruns made up this year’s marathon, which began January 9 at 12 PM ET and ended at approximately 2 AM ET January 16. The exact amount raised by the event was $3,416,729, with all donations taken during that same time period.

Highlights of this year’s event included a Pokemon race with one player running Omega Ruby and the other Alpha Sapphire, runs in multiple 2021 releases including Resident Evil Village and It Takes Two, and a blindfolded run of Sekiro: Shadows Die Twice completed in exactly two hours. Multiple world records were also set during the event, including:

Awesome Games Done Quick is an annual charity speedrunning marathon run in early January by the Games Done Quick Foundation. The foundation runs multiple marathons throughout the year, including Summer Games Done Quick and Flame Fatales. Each event raises money for a different charity, including the Prevent Cancer Foundation, Doctors Without Borders, and the Malala Fund.

Adblock test (Why?)



Source link

Continue Reading

Trending