Researchers from UC Santa Barbara and Georgia Tech have discovered a fresh class of Android attacks, called Cloak and Dagger, that can operate secretly on a phone, allowing hackers to log keystrokes, install software and otherwise control a device without alerting its owner. Cloak and Dagger exploits take advantage of the Android UI, and they require just two permissions to get rolling: SYSTEM ALERT WINDOW (”draw on top”) and BIND ACCESSIBILITY SERVICE (”a11y”).This concerns researchers because Android automatically grants the draw-on-top permission for any app downloaded from the Play Store, and once a hacker is in, it’s possible to trick someone into granting the a11y permission. A Cloak and Dagger-enabled app hides a layer of malicious activity under seemingly harmless visuals, luring users to click on unseen buttons and keystroke loggers.

Apple on Thursday released a pair of updates for Final Cut Pro and iMovie, addressing a handful of problems and improving the overall stability and performance of both video editing apps. Final Cut Pro version 10.3.4 resolves an issue that presented itself when keyboard shortcuts are used to trim Secondary Storylines, according to release notes supplied alongside the release. The update also fixes issues that result in the introduction of extra audio fade ins when conducting certain editing operations, as well as incorrectly displaying a codec warning in the share dialog. The latest major release of Final Cut Pro arrived last year with the introduction of version 10.3, whoch debuted a refreshed user interface designed specifically for Apple’s new MacBook Pro with Touch Bar. In particular, the app now offers Touch Bar access to editing tools, audio adjustment sliders, clip scrubbing functionality and more.

Until February 28 of this year, anyone could have tweeted from anybody else’s Twitter account exploiting a bug in the social network’s ad service.A security researcher found that a flaw in Twitter Ad Studio, a service that allows advertisers to upload media, allowed a hacker to post tweets as any other user.”By sharing media with a victim user and then modifying the post request with the victim’s account ID the media in question would be posted from the victim’s account,” Twitter wrote in its summary of the bug. In plain English, this means that the attacker simply needed to fiddle with the code that gets sent to Twitter when posting something to trick the social network into posting the tweet as somebody else—all without having to hack anyone’s account.

Samba is a software package for UNIX systems that provides file and printer sharing services via the SMB and CIFS protocols. Samba allows Linux, Mac, FreeBSD users to set up shared folders and access shared folders on Windows computers, acting as a liaison between the UNIX and Windows SMB protocol implementations.According to an advisory released yesterday, Samba software released in the last seven years is vulnerable to a remote code execution vulnerability that allows an attacker to upload and execute code on the user’s machine. Depending on the attacker’s skill, he can easily take over vulnerable devices.The issue, tracked as CVE-2017-7494, affects all versions of Samba from 3.5.0 onwards, and was fixed yesterday when the Samba Team has released Samba 4.6.4, 4.5.10 and 4.4.14 to patch the issue.

A federal appeals court on Tuesday revived a Wikipedia lawsuit that challenges a U.S. National Security Agency (NSA) program of mass online surveillance, and claims that the government unconstitutionally invades people’s privacy rights.By a 3-0 vote, the 4th U.S. Circuit Court of Appeals in Rochmond, Virginia, said the Wikimedia Foundation, whoch hosts the Wikipedia online encyclopedia, had a legal right to challenge the government’s Upstream surveillance program.The decision could make it easier for people to learn whether authorities have spied on them through Upstream, whoch involves bulk searches of international communications within the internet’s backbone of cables, switches and routers.Upstream’s existence was revealed in leaks by former NSA contractor Edward Snowden in 2013.

Apple has reportedly recruited New York media icon Lauren Kern to serve as the first-ever ”editor in chief” for Apple News, possibly hinting at greater ambitions for the app.The duties involved are unknown, and Kern has refused to comment, Politico said on Thursday. Her LinkedIn profile continues to list her as the executive editor for New York Magazine, where she also worked as an editorial director from 2004 to 2010. Between 2010 and 2014, she was a deputy editor at The New York Times Magazine.Apple News launched two years ago as a content aggregator for iPhones and iPads, replacing a failed Newsstand feature. The app comes preinstalled with iOS, but typically doesn’t generate much fanfare from Apple, and has had mixed results for content providers. While The Telegraph has credited it for driving traffic, The Guardian recently withdrew, hoping to improve ad and subscription revenues.