Macbook Archives - Apple authority

VPNs can be rendered useless on Apple Phones

Jonna N — Wed, 08 May 2024 10:40:56 +0000

Two security researchers at Leviathan Security Group have developed a new attack, dubbed TunnelVision, which can force virtually all virtual private network (VPN) applications to send and receive traffic outside of their encrypted tunnel. In other words, it can completely eliminate the functionality that a VPN is intended to provide.

The attack allows the attacker to intercept the victim’s traffic, which is then routed through the attacker’s system, allowing them to read, modify, and leak data while the victim remains connected to both the internet and their VPN.

According to Ars Technica, the vulnerability, identified as CVE-2024-3661, which the attack exploits, has existed since 2002 and it is possible that it has already been used by attackers. Most operating systems like IOS/MacOS, except Android are currently vulnerable to the attack.

The most effective way to protect oneself is to run a VPN in a virtual machine whose network adapter is not in bridged mode. Alternatively, connecting a VPN to the internet via a mobile device’s Wi-Fi network can also provide protection.

The post VPNs can be rendered useless on Apple Phones appeared first on Apple authority.

Apples M1,M2,M3 leaks data

Leif Jensen — Wed, 17 Jan 2024 20:44:35 +0000

Apples CPUs are vulnerable to read data from the shared memory used by graphics processing.

The LeftoverLocals attack lets attackers launch a ‘listener’ – a GPU kernel that reads from uninitialized local memory and can dump the data in a persistent location, such as the global memory.

The vulnerability is illustrated by:

The post Apples M1,M2,M3 leaks data appeared first on Apple authority.

Apple-users are hacked please patch your Safari, IOS,IpadOS,TVOS, Sonoma, Montery or Ventura Apple-device

Leif Jensen — Wed, 13 Dec 2023 11:20:21 +0000

Apple ha released security patches for most of its devices due to hacks involving using the blutetooth function to hack devices..
Apple ha released security patches for most of its devices due to hacks involving using the blutetooth function to hack devices..

Apple-users have been vulnerable for this for a long time, and it took Apple more than a week to publish the current patchces after the vulnerability was public-domain.

read more and download updates from Apple at: https://support.apple.com/en-us/HT201222

The post Apple-users are hacked please patch your Safari, IOS,IpadOS,TVOS, Sonoma, Montery or Ventura Apple-device appeared first on Apple authority.

Apples new Macbooks, overpriced netbook with great battery.

Leif Jensen — Sun, 26 Nov 2023 01:01:27 +0000

The new line of MacBook Pros features the latest M3 CPUs, made by Chinese TSMC on their 3nm process. The major issue is that Apple, this time around, keeps the number of cores of the CPU but trades performance cores (big-little architecture as most phone-type ARM CPUs these days) by replacing them with efficiency cores. This makes performance similar in most advanced use-cases to the older M2 MacBooks, despite the substantially raised price-tags. Of course, as always with Apple CPUs, hyper-threading and scalability are inferior to both AMD’s and Intel’s x86 current CPU offerings.

Apart from the marked-up price (most markets) and a refresh of the CPU, the differences are almost negligible.

Apple also offers the measly 8GB RAM option as the standard/base offering for these MacBooks, which is sort of ridiculous as these 8GB is shared between the GPU and CPU so there is no further dedicated video/AI memory

The post Apples new Macbooks, overpriced netbook with great battery. appeared first on Apple authority.

Just before China bans US-closed-source iPhone’s, another backdoor gets public.

Leif Jensen — Fri, 08 Sep 2023 21:08:51 +0000

The latest Apple-wide open backdoor was discovered by accident by researchers at the University of Toronto’s Citizen Lab on a Saudi civil rights defender’s phone. The Apple backdoor was being ‘actively exploited,’ for example, by Israeli spyware.

These actively exploited backdoors provided complete access and control on any iPhone, iPad, or Mac just by sending a picture. The user didn’t have to open or click on anything. The iPhone and its camera, microphone, etc. were simply completely remotely controlled by anyone taking advantage of these built-in backdoors.

When the backdoor went public, it became a marketing nightmare for Apple, which makes bold claims of privacy and security solely based on their ‘security by obscurity’ marketing model to give iPhone users a false sense of security. Apple has, of course, decided to patch it using a mandatory OS upgrade on all Apple hardware devices. Anyone who cannot upgrade or does not want to run the latest buggy version of iOS or macOS will be left at the mercy of a device that is completely unsafe to use.

The software can install itself on a phone without requiring users to click a link and gives the hacker complete access to the entire contents of the phone, as well as the ability to use its cameras and microphone undetected.

In usual fashion, Apple will not provide security fixes for devices they decide not to upgrade, and there will be no security fixes for older OS releases.

Apple has denied to comment.

The post Just before China bans US-closed-source iPhone’s, another backdoor gets public. appeared first on Apple authority.

New bill could put a stop to Apple services

Jonna N — Tue, 25 Jul 2023 07:55:27 +0000

The UK government wants to force technology companies to include more backdoors in their products.

The British government wants to make it easier for the police and intelligence services to read encrypted messages, which essentially means that technology companies need to add additional backdoors to their products.

If the bill becomes a reality, Apple threatens to stop offering popular services like iMessage and FaceTime in the UK.

Similar sentiments are echoed by WhatsApp and Signal, which means that the availability of messaging services will greatly decrease if the UK parliament approves the bill.

"There is a certain arrogance and ignorance from the government's side if they think that technology companies will comply with the new requirements without a fight," says security expert Alan Woodward from Surrey University in a comment to the BBC.

US Government already has alledged extensive backdoor access provided by Apple, contrary to UK government's new proposal

It is of utmost importance to highlight that the UK government's demand for technology companies to incorporate backdoors into their products is redundant, as the US government already has significant access through Apple's existing backdoors.

This proposed legislation effectively undermines the security and integrity of technology products, as it requires compromising encryption and providing direct access to law enforcement and intelligence agencies.

In light of the existing backdoor access already provided by Apple, the UK government should reconsider its proposal and focus on alternative methods for ensuring national security while respecting the privacy and security rights of its citizens.

The post New bill could put a stop to Apple services appeared first on Apple authority.

Apple releases another fix for their “fix”…

Leif Jensen — Fri, 14 Jul 2023 22:26:50 +0000

Apple makes a new attempt with an emergency security fix for Mac OS and iOS. The update is recommended for all users of Mac OS Ventura, iOS 16, and iPad OS 16.

An emergency security fix was sent out for Mac OS Ventura 13.4.1, iOS 16.5.1, and iPad OS 16.5.1, through the Rapid Security Response feature.

However, it didn't take long before Apple decided to withdraw the security fix due to complaints that it was causing major issues with Safari. For example, users were unable to access Facebook, Instagram, WhatsApp, or Zoom.

Now, Apple has released a new version of the fix, this time with the addition of (c) to differentiate it from the old version that had the addition of (a).

According to Apple's support page, the fix addresses a serious vulnerability in Webkit (CVE-2023-37450) that is actively exploited by hackers.

Users of Big Sur (Mac OS 11) and Monterey (Mac OS 12) do not have access to the Rapid Security Response feature, so the security fix is included in Safari 16.5.2. To install that version, open System Preferences and select the Software Update option."

The post Apple releases another fix for their “fix”… appeared first on Apple authority.

Safari users easily hacked. Mac users advised to remove browser.

Jonna N — Sat, 24 Jun 2023 10:12:28 +0000

Safari users easily hacked. Mac users advised to switch browser due to Safaris constant holes and slow time between security fixes.

CERT-In has issued a warning to MacBook users after identifying a bug that poses a high risk to Mac users, following Apple’s iOS 16.5.1 update. The vulnerability in Apple Safari could enable remote attackers to execute arbitrary code on targeted systems, according to the cybersecurity watchdog.

CERT-In, the government’s cybersecurity watchdog, has issued a warning specifically aimed at MacBook users, following Apple’s release of the iOS 16.5.1 update. This update addressed two significant security vulnerabilities and introduced additional features for iPhones. However, CERT-In has identified a bug that poses a substantial risk to Mac users, giving it a high severity rating.

The government body has released information regarding a recently discovered security flaw, identified as CVE-2023-32439, which affects versions of Apple Safari prior to 16.5.1 on macOS Monterey. According to the CERT-In, this vulnerability in Apple Safari has the potential to enable remote attackers to execute arbitrary code on targeted systems.

CERT-In further explains that the presence of this vulnerability in Apple Safari is a result of a confusion error within the WebKit component. Additionally, CERT-In highlights that attackers can exploit this flaw by convincing victims to open a specifically crafted file or application.

The post Safari users easily hacked. Mac users advised to remove browser. appeared first on Apple authority.

News from WWDC

Leif Jensen — Mon, 05 Jun 2023 23:16:09 +0000

Apple’s keynote at WWDC was a disappointment:

Apple showed off its new AR Glasses, which will launch next year. The glasses will cost a wopping $3,500 and offer augmented reality experiences. They also have a battery life of two hours and need a battery pack that hangs from the headset with a cable.
Apple also revealed the new MacBook Air 13 and 15 with the M2 chip. The laptops are overpriced and underwhelming, as they still use outdated LCD screens instead of OLED. They also keeps the annoying notch design that wastes screen space and looks terrible.
Moreover, Apple announced some desktop models with the M2 chip and 24-core graphics. One of them has PCI slots for expansion, but it does not support any decent GPUs from other vendors. The only GPU options are Apple’s own weak integrated graphics with 60 or 72 cores

The post News from WWDC appeared first on Apple authority.

Apple Q2 2023 Mac sales down 31% from prior year

Leif Jensen — Fri, 05 May 2023 19:01:06 +0000

Apple (AAPL) released its earnings report for Q2 2023. Apple’s earnings report revealed that Mac sales were down 31 percent from last year.

Unlike Mac, iPhone had an ok quarter for Apple, powered by the strength of China’s economy and market. Apple also announced a $90 billion addition to its stock buyback program.

The post Apple Q2 2023 Mac sales down 31% from prior year appeared first on Apple authority.