Apple has yet to patch a major vulnerability that it has known about since January 27 and that was exposed at Hack in the Box last week. Using software exposed yesterday at Black Hat Asia, an attacker can swap out legitimate versions of apps, developed with the said certificate, in order to spy on users and gain elevated privileges on the device that expose contacts, messaging, photos, the microphone and more. More details on the story are available here: https://wp.me/p3AjUX-uNh. Here to comment on this news is security expert Kevin Bocek, Chief Security Strategist at Venafi.
Kevin Bocek, Chief Security Strategist, Venafi:
“This attack shows just how powerful certificates have become as potential weapons. Cryptographic keys and digital certificates form the foundations of trust online and enable our software and devices to know whether something should be trusted or not. Issuing free unvalidated Apple certificates is now a fast-track to enabling malware to be installed. There are already well over 20 million malware samples authenticated by digital certificates. Bad guys know what powerful weapons digital certificates have become. It’s past due that we learn from our human immune system and apply that to the digital world to know which certificates should be trusted and who is friend or foe.”