1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Mac and iOS security flaw could expose your Siri conversations b

    From TechnologyDaily@1337:1/100 to All on Thu Oct 27 17:30:03 2022
    Mac and iOS security flaw could expose your Siri conversations but theres a fix

    Date:
    Thu, 27 Oct 2022 16:08:54 +0000

    Description:
    Heres a good reason to update to the latest version of macOS or iOS if you
    use Bluetooth headphones and Siri.

    FULL STORY ======================================================================

    A worrying issue whereby those using macOS and iOS devices might have their conversations with Siri snooped on and recorded by a malicious third-party in certain circumstances has fortunately been patched out by Apple.

    This was a serious flaw impacting Mac and iPhone or iPad owners, and it was discovered by app developer Guilherme Rambo, as Apple Insider reports. Rambo found that any app with Bluetooth access could exploit the security hole and eavesdrop on the users Siri exchanges when using AirPods or a Beats headset (with Bluetooth connections).

    Rambo explains : Finding out that I could get audio from AirPods without asking for permission to use the microphone on macOS was the first step.

    The developer than performed the same tricks on the iPhone and iPad,
    receiving audio of the users conversations (which the dev first thought might be encrypted, but turned out not to be).

    Crucially, this flaw could be exploited by any piece of software with Bluetooth permission granted, and it happens with no request to access the mic, or any other clue to suggest to the user that anything untoward might be going on.

    Rambo let Apple know about the issue on August 26 whereupon the company started an investigation process, subsequently implementing a fix (for vulnerability CVE-2022-32946) in the freshly arrived iOS 16.1 (and latest macOS build). Analysis: Bug squashed and bounty received

    Its good news that this problem has been fixed before it became common knowledge, naturally, but we have no idea if the exploit might actually have been leveraged by a hacker anywhere to date. Hopefully not, and at least someone on the light side of the security fence brought it to Apples
    attention to get the fix deployed.

    Obviously this is a good reason to grab the latest update for iOS and macOS, and bugs like these getting resolved are precisely why you should ensure updates are applied in a timely manner.

    It doesnt necessarily pay to jump on any given update within hours of it
    being released early adopters can be testing the waters for unexpected problems which are introduced, of course but you shouldnt leave it too long before applying security updates in particular.

    Rambo received $7,000 (US) for reporting the bug to Apple, and as seen on Twitter , there are some who think thats a little on the stingy side observing that this is the reason sometimes folks go elsewhere with this kind of finding, rather than directly to the affected company. A worrying thought to end on



    ======================================================================
    Link to news story: https://www.techradar.com/news/mac-and-ios-security-flaw-could-expose-your-sir i-conversations-but-theres-a-fix/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)