TechApprise
28/08/2020
Users of Apple Safari browser are at risk! A bug in Apple's Safari browser could be abused by hackers to leak or steal files from the devices of Mac and iOS users according to a new report from a security researcher. Co-founder of the Polish security firm REDTEAM.PL, Pawel Wylecial, first discovered the bug back in April and reported it to Apple. However, he decided to go public with his findings after the iPhone maker decided to delay patching the bug until the spring of 2021.
Wylecial says the bug resides in Safari's implementation of the Web Share API which is a new web standard that allows for cross-browser sharing of text, links, files and other content. Apple's browser allows users to share files that are stored locally on both their iOS or macOS devices. However, this feature could exploited by malicious web sites that secretly steal files from a user's device when they try to share an article or other content online using Safari.
Although Wylecial has described the bug as “not very serious” due to the fact user interaction and complex social engineering are both required to trick users into leaking local files, he also pointed out that it would be quite easy for an attacker “to make the shared file invisible to the user”. While the Web Share API bug is certainly concerning, so too is the way in which Apple handled Wylecial's bug report.
Typically security researchers give companies a 90-day vulnerability disclosure deadline before going public with their findings but by putting off patching the issue until the spring of next year, Apple forced Wylecial's hand when it came to disclosing the vulnerability publicly. As for the bug itself, Wylecial said that iOS versions 13.41 and 13.6, as well as macOS Mojave 10.14.16 with Safari 13.1 and macOS Catalina 10.15.5 with Safari 13.1.1, are all affected and there is currently no fix available for the issue.
27/08/2020
New Zealand’s stock exchange under cyber attack for the second day running! The NZX exchange went offline at 11.24am on Wednesday and although some connectivity was restored for investors, some trading was halted. The NZX said it had experienced “network connectivity issues” and that the NZX main board, NZX debt market and Fonterra shareholders market were placed on halt.
However it then announced that those areas would resume trading with the rest of the market at 3pm on Wednesday. The interruption followed a shutdown and trading halt on Tuesday afternoon due to an overseas-based distributed denial of service (DDoS) attack. The incident follows a number of alleged cyber attacks by foreign actors, such as the targeting of a range of government and private-sector organisations in Australia.
In a statement earlier on Wednesday, the NZX blamed Tuesday’s attack on overseas hackers, saying that it had “experienced a volumetric DDoS attack from offshore via its network service provider, which impacted NZX network connectivity”. It said the attack had affected NZX websites and the markets announcement platform, causing it to call a trading halt at 3.57pm. It said the attack had been “mitigated” and that normal market operations would resume on Wednesday, but this subsequent attack has raised questions about security.
Prof Dave Parry, of the computer science department at Auckland University of Technology, said it was a “very serious attack” on New Zealand’s critical infrastructure. He warned that it showed a “rare” level of sophistication and determination, and also flagged security issues possibly caused by so many people working from home.
www.techapprise.com
Click here to claim your Sponsored Listing.
Category
Website
Address
Mumbai