Apple is under fire for kowtowing to Beijing and removing references to Taiwan in the localized versions of iOS 13 for Hong Kong and Macau in China. Yes, the same China that just pressured America's NBA into issuing a groveling apology for a team manager's tweet in support of Hong Kong. The same China that loves to censor any …

RoundupHere's the latest security news in handy digest form of stories you may have missed over the last week. NordVPN bug causes connection confusion Reg reader Tony H writes in to tell us of an interesting security bug that arises when running NordVPN in tandem with the Cloudflare 1.1.1.1 WARP service in iOS. The end result is a …

MacOS network admins are being advised to update their copies of the Jamf Pro management software following the disclosure of a critical security flaw. The Jamf Pro 10.15.1 update includes among its fixes a patch for a security flaw that, depending upon the version being used, could allow for file deletions or remote code …

A programmer claims to have found a way to execute arbitrary code on recent-ish iPhones and iPads, paving the way for full-blown tethered jailbreaks. And, we're told, it is impossible for Apple to block these shenanigans as it involves a vulnerability baked into the devices' immutable Boot ROM. Specifically, the coder, who …

Yesterday El Reg wrote about the frustrating syncing failures plaguing FitBit gadgets over the past four or so weeks. Unlucky punters say that, since a mid-August Android app and firmware update was released, they have been unable to get their wearable fitness trackers to link up consistently with their handsets over the air, …

VideoApple's very latest version of iOS appears to have the same sort of lock-screen bypass that plagued previous versions of the iThing firmware. Researcher Jose Rodriguez told The Register that back in July he discovered how the then-beta-now-gold version of iOS 13 could be fooled into showing an iPhone's address book without …

AnalysisFacebook has been caught bending the truth again – only this time it has been forced to out itself. For years the antisocial media giant has claimed it doesn’t track your location, insisting to suspicious reporters and privacy advocates that its addicts “have full control over their data,” and that it does not gather or sell …

Bug-broker Zerodium says it will cough up as much as $2.5m in exchange for techniques to silently and remotely hijack Android devices via critical vulnerabilities, signaling a major change in the pricing of security holes. A new payment structure revealed on Tuesday made clear that flaw-hunters who hook Zerodium up with proof- …

UpdatedGoogle's Project Zero says more than a dozen iOS flaws that Apple patched back in February had been under attack for years. Zero team bug hunter Ian Beer explained how the collection of fourteen vulnerabilities in various components of the OS, ranging from the browser to the kernel, were chained together to covertly launch …

Apple has issued an update to address a potentially serious security flaw it re-opened in the latest version of iOS. Monday's iOS 12.4.1 update contains a single fix: a patch to address CVE-2019-8605. The use-after-free vulnerability would let an application gain the ability to execute arbitrary code with system privileges. …

iPhone hackers have discovered Apple's most recent iOS update, 12.4, released in July, accidentally reopened a code-execution vulnerability that was previously patched – a vulnerability that can be abused to jail-break iThings. Pwn20wnd, the developer of the iPhone jail-breaking tool unc0ver, says the newest version of their …

RoundupHere is a quick roundup of the recent happenings in the world of computer security beyond what we've already reported. Also, look out this week for our Black Hat, DEF CON, and Bsides Las Vegas coverage: our vultures out in the Nevada desert will produce a string of articles from the hacking conferences. Amazon closes one open …

RoundupHere's a quick summary of what's been happening in the infosec world lately, beyond what we've already reported. Louisiana declares state of emergency over ransomware A massive ransomware infection spreading among Louisiana school districts has caused the governor to declare a state of emergency – a designation usually …

A Russian software developer, currently under American sanctions for its purported role in the Kremlin's interference with the 2016 US elections, is now selling spyware to governments. Researchers at security house Lookout today reported [PDF] that St Petersburg-based Special Technology Centre (STC) is developing and …

On Monday Apple released a fresh round of security fixes for a load of its operating systems and applications. The July patch batch addresses vulnerabilities in iOS, MacOS, Safari, watchOS, and tvOS, though many of the updates are for common components across each of the platforms, such as the WebKit browser engine. These …

A team of US academics have proposed a simple method to defeat the Bluetooth LE standard's anti-tracking measures. David Strobinski, David Li, and Johannes Becker at Boston University told The Register how they found that the MAC randomization system of Bluetooth LE, designed to thwart the tracking of devices, transmits …

Cisco has delivered a bundle of 17 security updates to address 18-CVE-listed vulnerabilities in its networking and communications gear. Switchzilla has classified 10 of the fixed bugs as high security issues, with exploits leading to everything from command and code execution to denial of service- a particularly serious …

RoundupAs June turns over to July, here are some additional bits of security news besides our regular infosec coverage. Trump officials mull: Why not just ban strong encryption? Haven't we done this before? The White House is said to be weighing a plan to force US tech giants, software and hardware makers, and other companies, to …