InfoSecBulletin Cybersecurity for mankind
Apple opposes the UK government’s idea to pre-approve new security features from tech companies. If the UK Home Office rejects an update, it cannot be released in any other country, and the public will not be informed.
The government is seeking to update the Investigatory Powers Act (IPA) 2016. The Home Office said it supported privacy-focused tech but added that it also had to keep the country safe.
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.com’s domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
A government spokesperson said: “We have always been clear that we support technological innovation and private and secure communications technologies, including end-to-end encryption, but this cannot come at a cost to public safety.”
The House of Lords will discuss the proposed changes tomorrow. Apple says the UK government’s actions are unprecedented and too much.
“We’re deeply concerned the proposed amendments to the Investigatory Powers Act (IPA) now before Parliament place users’ privacy and security at risk,” said Apple in a statement.
“It’s an unprecedented overreach by the government and, if enacted, the UK could attempt to secretly veto new user protections globally preventing us from ever offering them to customers.”
BBC report said, “It is critical that decisions about lawful access, which protect the country from child sexual abusers and terrorists, are taken by those who are democratically accountable and approved by Parliament.”
Critics have called the current Act a “snoopers charter”. Apple has previously criticized similar proposals to expand its scope. Apple announced in July 2023 that it might remove services like FaceTime and iMessage from the UK if it had to compromise on future security.
The proposed UK law would cover all Apple products, not just FaceTime and iMessage.
In January, civil liberties groups such as Big Brother Watch, Liberty, Open Rights Group, and Privacy International issued a joint statement opposing certain parts of the bill.
The groups are worried that the proposed changes would make technology companies, even those outside the country, have to tell the government about any plans to enhance security or privacy on their platforms so the government can stop these changes.
“They claimed this would lead to private companies becoming extensions of the surveillance state and undermining the security of devices and the internet.”
The proposed changes are based on a review of current laws. They include updates regarding how intelligence agencies collect data and use internet connection records.
