In a small update to iOS, Apple has fixed two bugs that allowed someone to bypass the passcode on a locked iPhone.
Duo Labs researchers discovered that Apple was using serial numbers to authenticate devices with its Device Enrollment Program (DEP). If organizations treat DEP as a trust broker and assume DEP-registered devices are trusted, they expose themselves to a variety of risks, including rogue devices receiving internal network configuration settings.
In its latest release of iOS, Apple has included a new feature called Restricted Mode that can prevent USB-based attacks.
A convenient feature in macOS called QuickLook can leak information about files that users preview, even in encrypted containers.
An issue with the way third-party tools implement Apple's code-signing API can allow malicious files to pass as legitimate ones.