The iOS app store has traditionally been viewed as a safe source of apps, thanks to Apple’s policing of its walled garden. However, that is no longer completely the case, thanks to the discovery of multiple legitimate apps in the iOS app store that contained malicious code, which was dubbed XcodeGhost. So, how did XcodeGhost…
Read MoreOur investigation on the iOS Quicksand vulnerability (designated with CVE-2015-5749) leads us to the conclusion that this security gap, despite its serious risks to confidential data, is difficult to exploit due to its required specific conditions. For instance, the MDM product must support and use the “push configuration” feature; this feature normally allows a device administrator…
Read MoreA critical Mac vulnerability was discovered by OS X security researcher Pedro Vilaca last week. According to his research, any attacker can disable the BIOS lock just by taking advantage of a flaw in Apple’s S3 sleep state (more known as ‘standby mode’) suspend-resume implementation. Once an attacker does this, he can install bootkit malware onto a Mac BIOS without…
Read MoreSecurity researchers and news outlets are reporting about a newly discovered vulnerability believed to exist since the 90s. This vulnerability, dubbed as FREAK (Factoring RSA Export Keys), forces a secure connection to use weaker encryption—making it easy for cybercriminals to decrypt sensitive information. Vulnerable since the 1990s The flaw came about in the 1990s. Back…
Read MoreIn our continued research on Operation Pawn Storm, we found one interesting poisoned pawn—spyware specifically designed for espionage on iOS devices. While spyware targeting Apple users is highly notable by itself, this particular spyware is also involved in a targeted attack. Trend Micro™ Mobile Security detects and removes this threat. Download the app from the App…
Read More