All posts tagged: mobile security

Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks

Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks

Image: ink drop/Adobe Stock Apple has rolled out emergency updates to patch two serious security flaws that were actively being exploited in highly targeted attacks on iPhones and other Apple devices. The fixes, released on April 16 as part of iOS 18.4.1 and macOS Sequoia 15.4.1, address zero-day vulnerabilities. Apple said these bugs were used in an “extremely sophisticated attack against specific targeted individuals on iOS.” Inside the iOS and macOS vulnerabilities The two bugs, tracked as CVE-2025-31200 and CVE-2025-31201, affect Apple’s software’s CoreAudio and RPAC components. CVE-2025-31200 (CoreAudio): This bug allows hackers to take control of a device simply by tricking it into processing a malicious media file. Apple credited the discovery to its internal team and researchers from Google’s Threat Analysis Group — a unit known for tracking advanced cyberattacks, often linked to government actors. CVE-2025-31201 (RPAC): This flaw affects a security mechanism called Pointer Authentication, designed to prevent memory attacks. Hackers who have read and write access to a device could bypass this protection and hijack the system. Apple found and fixed …

Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection

Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection

This Motorola Moto G Power 5G shows the midnight blue color option. Image: Amazon New Android malware is using Microsoft’s .NET MAUI to fly under the radar in a new cybersecurity dust-up this week. Disguised as actual services such as banking and social media apps targeting Indian and Chinese-speaking users, the malware is designed to gain access to sensitive information. Cybersecurity experts with McAfee’s Mobile Research Team say that, while the threat is currently aimed at China and India, other cybercriminal groups could easily adopt the same method to target a broader audience. .NET MAUI’s hidden danger: Bypassing security Microsoft launched .NET MAUI in 2022, a framework that lets developers build apps for both desktops and phones using C#, replacing the now retired Xamarin tool. The intent of .NET MAUI was to make it easier to create apps that work across different platforms. Typically, Android apps are built with Java or Kotlin, and their code is stored in a format called DEX (Dalvik Executable); Android security systems are designed to scan these DEX files for …

A Major Privacy Upgrade is Coming Soon

A Major Privacy Upgrade is Coming Soon

Image: vinnikava/Envato Elements Cross-platform encrypted messaging between iPhone and Android is coming soon, thanks to updated Rich Communication Services (RCS) standards. The GSM Association has announced that the latest RCS specifications now include end-to-end encryption based on the Messaging Layer Security protocol. This breakthrough, initially teased back in September, will finally allow secure, encrypted messaging between different mobile platforms. This is a huge privacy win — end-to-end encryption (E2EE) means nobody else can see your messages, not even your cell carrier or the companies that make the messaging apps. According to the GSMA, they developed this new RCS standard by bringing everyone to the table: mobile carriers, device makers, and tech companies, including Apple. GSMA Technical Director Tom Van Pelt wrote on his organization’s site that, “…RCS will be the first large-scale messaging service to support interoperable E2EE between client implementations from different providers. Together with other unique security features such as SIM-based authentication, E2EE will provide RCS users with the highest level of privacy and security for stronger protection from scams, fraud and other …

Billions of Devices at Risk of Hacking Due to Hidden Commands

Billions of Devices at Risk of Hacking Due to Hidden Commands

Tarlogic team giving their presentation during RootedCON. Image: Tarlogic Billions of devices worldwide rely on a widely used Bluetooth-Wi-Fi chip that contains undocumented “hidden commands.” Researchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls. ESP32, manufactured by a Chinese company called Espressif, is a microcontroller that enables Bluetooth and Wi-Fi connections in numerous smart devices, including smartphones, laptops, smart locks, and medical equipment. Its popularity is partly due to its low cost, with units available for just a few dollars. Must-read security coverage Hidden Bluetooth commands and potential exploits Researchers at security firm Tarlogic discovered 29 undocumented Host Controller Interface commands within the ESP32’s Bluetooth firmware. These commands enable low-level control over some Bluetooth functions, such as reading and writing memory, modifying MAC addresses, and injecting malicious packets, according to Bleeping Computer, which attended Tarlogic’s presentation at RootedCON. SEE: Zscaler Report: Mobile, IoT, and OT Cyber Threats Surged in 2024 While these functions aren’t inherently malicious, bad actors could exploit them to stage impersonation attacks, introduce and hide …

Protect 3 Devices With This Maximum Security Software

Protect 3 Devices With This Maximum Security Software

TL;DR: Protect your privacy on three devices with a 1-year subscription to Trend Micro Maximum Security for $19.99 (reg. $49.99). Cyber threats have become more sophisticated, and even cautious users can find themselves vulnerable to ransomware attacks, phishing schemes, and identity theft. A single click on the wrong link or a cleverly disguised email can lead to encrypted files, stolen credentials, or compromised accounts. Tech-savvy users know how to spot the signs of a scam or avoid malware, but skilled tech users also know it’s easier to invest in tools that keep you from being hyper-vigilant. Trend Micro Maximum Security defends against ransomware, phishing, and identity theft. It protects your documents from unauthorized encryption, backs up locked files, detects spam and phishing scams, and it’s $20 for one year on three devices. What does Trend Micro do? Trend Micro gives you tools to identify dangerous links in emails and social media so you can browse confidently. Parental controls help give you peace of mind by letting you restrict access to unsuitable websites and monitor desktop …