This week’s roundup

John Leyden for The Register: Looking after the corporate Apple mobile fleet? Beware: MDM onboarding is ‘insecure’ – “Hackers can blow holes in Apple’s managed service technology and sneak their own rogue devices onto corporate fleets of mobile iThings.

Weaknesses in Apple’s Device Enrollment Program (DEP) allow the ne’er-do-wells to run targeted attacks on both the networks of the corporate shiny-shiny and the backend systems that support them, researchers at Duo Security warned.”

Charlie Osborne for ZDNet: Android spyware in development plunders WhatsApp data, private conversations – “The malware’s code hosts a variety of surveillance functions and is available to the public.” Based on research by ESET researcher Lukas Stefanko and G Data.

Rebecca Hill for The Register: Sneaky phone apps just about obey the law, still have no trouble guzzling your data, says Which?

“Apps use sneaky tactics to get UK users to hand over more info than they need to – and privacy policies remain long and confusing.

These claims were this week emitted by Brit consumer rights body Which? in a report into data privacy of 29 commonly used Android and iPhone apps released.”

Ionut Ilascu for Bleeping Computer: macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files – “In a minute-long clip, Patrick Wardle shows that the security in the dark-themed macOS can be bypassed to reach sensitive user data, such as the information in the address book….he’s holding the technical details until his upcoming Mac Security conference that he’s organizing in Maui, Hawaii, in November.” I can just see the sceptical expressions on the faces of security department heads when their researchers tell them they need to go to a conference in Hawaii…

Commentary from Shaun Nichols for The Register: Apple’s dark-horse macOS Mojave is out (and it’s already pwned) – “Wardle claims to topple privacy protections in new OS – which comes with security fixes”

Sophos: Cryptojacking – coming to a server-laptop-phone near you (and how to stop it) – Paul Ducklin’s summary of blockchain and cryptojacking, with particular reference to Android.

David Harley

*** This is a Security Bloggers Network syndicated blog from Mac Virus authored by David Harley. Read the original post at: