
A new Trojan dropper dubbed xHelper has been observed slowly but steadily spreading to more and more Android devices since May, with over 32,000 smartphones and tablets found infected in the last four months. Trojan droppers are tools used by threat actors to deliver other, more dangerous malware strains to already compromised devices, including but not limited to clicker Trojans, banking Trojans, and ransomware. xHelper, dubbed Android/Trojan.Dropper.xHelper by the Malwarebytes Labs researchers who discovered it, was initially tagged as a generic Trojan dropper, only to be upgraded to the rank of a fully-fledged menace after climbing into the security vendor's top 10 most detected mobile malware in just a few months. Besides the large number of devices it was found on, xHelper also comes with a number of other peculiarities, including the fact that it spreads using DEX (Dalvik Executable) files, which contain compiled Android application code, camouflaged as JAR archives. This method of infecting new Android devices is quite unique, given that most mobile Trojan droppers use an APK (Android Package) bundled with an infected app; the APK is subsequently dropped within the Assets folder and then installed and executed on the compromised smartphone or tablet. The encrypted DEX files used by xHelper as part of its infection process are first decrypted and then compiled using the dex2oat compiler tool into an ELF (Executable and Linkable Format) binary, which gets executed natively by the device's processor.

The Dutch data protection agency has asked Microsoft’s lead privacy regulator in Europe to investigate ongoing concerns it has about how Windows 10 gathers user data. Back in 2017, the privacy watchdog found Microsoft’s platform to be in breach of local privacy laws on account of how it collects telemetry metadata. After some back and forth with the regulator, Microsoft made changes to how the software operates in April last year, and it was in the course of testing those changes that the Dutch agency found fresh reasons for concern, discovering what it calls in a press release “new, potentially unlawful, instances of personal data processing”. Since the agency’s investigation of Windows 10 started, a new privacy framework, the General Data Protection Regulation (GDPR), is being enforced in Europe, which means Microsoft’s lead EU privacy regulator is the Irish Data Protection Commission (DPC), as the company's regional HQ is based in Ireland. This is why the Dutch agency has referred its latest concerns to Ireland. It will now be up to the Irish DPC to investigate Windows 10, adding to its already hefty stack of open files on multiple tech giants’ cross-border data processing activities since the GDPR came into force last May. The regulation steps up the penalties that can be imposed for violations. A spokeswoman for the Irish DPC confirmed to TechCrunch that it received the Dutch agency’s concerns last month. “Since then the DPC has been liaising with the Dutch DPA to further this matter,” she added. “The DPC has had preliminary engagement with Microsoft and, with the assistance of the Dutch authority, we will shortly be engaging further with Microsoft to seek substantive responses on the concerns raised.”

Apple released iOS 12.4.1 today to fix a security flaw reintroduced with the release of iOS 12.4 and used by security researcher Pwn20wnd to develop and release a jailbreak tool for up-to-date iOS devices. The vulnerability patched today by Apple is a use after free tracked as CVE-2019-8605 and targeted by the Sock Puppet exploit that was used to create jailbreak tools for iOS devices. The flaw was discovered by Google Project Zero's Ned Williamson, was previously patched by Apple with the iOS 12.3 release from May 13, and has now been re-patched in iOS 12.4.1. As Apple's support document describing the security content of iOS 12.4.1 says, the flaw could have been abused by malicious applications, which then could have been "able to execute arbitrary code with system privileges." Apple addressed the use-after-free issue by introducing improved memory management, thus blocking maliciously crafted apps from accessing pointers that have already been freed. Apple acknowledged Google Project Zero's Ned Williamson's contribution in finding and fixing this security issue and provided additional recognition for Pwn20wnd's assistance. Besides allowing jailbreak developers to add support for Apple's latest iOS versions, the flaw fixed today by Apple is also a critical vulnerability that can open the doors to attackers targeting the company's large iOS user base.