Today’s topics include Mozilla improving privacy controls in Firefox 65, and IBM warning of an Apple Siri Shortcut risk.
Mozilla released its first web browser update for 2019 on Jan. 29, with the debut of Firefox 65, which improves a number of features and advances user privacy as part of Mozilla’s larger effort to enhance tracking protection for web users.
Mozilla is integrating redesigned controls in the updated browser release to enable users to more easily identify and set the level of privacy protection they want. The “Standard” mode will only block known trackers when a user is running a private window. The “Strict” mode will block all trackers that Firefox detects, which might result in some sites not working properly. The “Custom” mode gives user the choice of what they want to block, including different trackers and cookies.
Mozilla has also improved the Task Manager page in Firefox 65, providing better visibility into how memory is being used for each browser tab.
According to new research published by IBM on Jan. 31, attackers could potentially abuse the Siri Shortcuts feature of Apple’s Siri voice assistant.
Apple introduced Siri Shortcuts with the release of iOS 12, enabling users and developers to use Siri to automate a series of tasks. However, IBM’s X-Force security division discovered that it is possible to use a Siri Shortcut for malicious purposes, including tricking a user into paying a fee to avoid having his or her information stolen in an attack known as scareware.
In a proof-of-concept Siri Shortcuts scareware attack developed by IBM, a malicious shortcut is able to read information from an iOS device and then demand a fee from the user, all with the native Siri voice.
According to John Kuhn, senior security threat researcher for IBM X-Force IRIS, “IBM X-Force has not seen evidence of attacks carried out using this method, but we developed the proof of concept to warn users of the potential dangers.”