Admittedly, the payouts for Apple’s bug bounty announced last week at Black Hat drew mixed reactions ranging from reasonable to raucously funny. Apple made a big splash at the annual hacker conference, first via a last-minute announcement that well-regarded Ivan Krstic would be giving a talk on some of the inner workings of iOS 10...

Apple last week patched a critical iOS memory corruption vulnerability that could allow attackers to execute code on compromised devices. The flaw was found by Team Pangu, a Chinese hacker group that specializes in building iOS jailbreak tools. The vulnerability is fixed in iOS 9.3.4. Related Posts Apple Launches Bug Bounty with Maximum $200,000 Reward...

LAS VEGAS—Apple closed out Black Hat today with a long-awaited announcement that next month it will launch a bug bounty. The Apple Security Bounty will be an invitation-only program, open to two dozen researchers at the outset, said Ivan Krstic, head of security engineering and architecture. The maximum payout is $200,000 and five classes of...

Mike Mimoso, Tom Spring, and Chris Brook preview Black Hat 2016, including Ivan Krstic’s talk on Apple/iOS security, Dan Kaminsky’s keynote, IoT, PAC malware, and more. Download: Threatpost_Black_Hat_2016_Preview.mp3 Music by Chris Gonsalves

Apple fixed dozens of vulnerabilities in its software on Monday, including 60 vulnerabilities in its operating system, OS X, and 43 in its mobile operating system, iOS. The OS X update graduates the desktop and server operating system to OS X El Capitan v10.11.6 and applies to anyone running OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, or OS X...

Trusted Mac OS X firewall Little Snitch is vulnerable to local privilege escalation attacks that could give criminals the ability plant rootkits and keyloggers on some El Capitan systems. The Little Snitch firewall vulnerability was found by Synack Director of Research and well-known OS X hacker Patrick Wardle. Affected are 3.x versions of the Little...

Apple is keeping typically tight-lipped about a remote code execution vulnerability it patched in its AirPort router firmware. Last night, Apple released an advisory warning users of the AirPort Express, AirPort Extreme and AirPort Time Capsule base stations that a new firmware was available—AirPort Base Station Firmware Update 7.6.7 and 7.7.7—and should be applied immediately....

At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address some problems he’d disclosed to Apple. Download: Patrick_Wardle_on_MacOS_Gatekeeper_Security.mp3 Music by Chris Gonsalves

Apple has yet to patch a vulnerability disclosed during last week’s Hack in the Box hacker conference in Amsterdam that allows an attacker with physical access—even on the latest versions of iOS—to swap out legitimate apps with malicious versions undetected on the device. Researcher Chilik Tamir of mobile security company Mi3 Security disclosed last week...

Jon Callas, equal parts security entrepreneur and innovator, has been hired at Apple for what will be his third stint with the company. Callas left Silent Circle, a company he cofounded, in April after four years there. Silent Circle designs and produces secure communication platforms, including the Blackphone and Silent Phone mobile devices, Silent OS...