iOS 9.0.2 fixed vulnerability that allowed Lock screen access to photos and contacts

By Christian Zibreg on Oct 1, 2015

iOS 9.0.2 has patched a potentially disturbing vulnerability which allowed malicious users who have access to your device to use Siri from the Lock screen in order to browse your photos and contacts.

According to Apple’ official iOS 9.0.2 release notes, the software has fixed the issue which allowed access to photos and contacts on a locked device by “restricting options offered on a locked device.”

The vulnerability was left unpatched in iOS 9.0 and iOS 9.0.1 and affected the iPhone 4s and later, fifth-generation iPod touch and later and iPad 2 and later. Read More


How to make your iPhone, iPod touch and iPad more secure with 6-digit passcodes

By Christian Zibreg on Sep 29, 2015

iOS 9.0.1 increases your security by defaulting to 6-digit passcodes on Touch ID devices. “If you use Touch ID, it’s a change you’ll hardly notice,” says Apple.

Compared to 4-digit passcodes which have 10,000 possible combinations, their 6-digit counterparts strengthen your security with one million possible combinations, meaning 6-digit passcodes will be a lot tougher to crack.

Non-Touch ID iPhones and iPads still default to less secure 4-digit passcodes, however. You can enable a 6-digit passcode with a quick trip to Settings, here’s how. Read More


Apple details what it does and doesn’t collect in Privacy website refresh

By Christian Zibreg on Sep 29, 2015

Apple on Tuesday refreshed the Privacy section of its website with new information on what “we do and don’t collect.” In a post titled “Apple’s commitment to your privacy,” Apple CEO Tim Cook explains the great lengths his company goes in order to protect your private data from prying eyes.

Among other things, Apple’s approach to protecting your privacy entails employing strong encryption and strict policies that govern how all data is handled. Read More


Review: Password Chef—enjoy untethered password entry with recipes

By Christian Zibreg on Sep 28, 2015

The App Store offers several high-quality apps that help you create strong passwords for various services, manage your passwords and synchronize them between devices with ease, AgileBits’ freemium 1Password being perhaps the most popular one.

But there’s now a brand new password manager on the block which takes a clever approach to securing all your online accounts with strong passwords but without having to actually remember them.

How about re-creating passwords from recipes?

Welcome to Naranja Studio’s Password Chef, a novel $2.99 app for the iPhone, iPod touch and iPad which takes advantage of unique recipes to basically turn any site name into an easy-to-recall password, canceling the need for additional software or devices. Read More


Apple lists top 25 apps infected by XcodeGhost

By Christian Zibreg on Sep 24, 2015

Apple today refreshed its official XcodeGhost FAQ webpage, listing the top 25 iPhone and iPad apps on the App Store that contain the widely reported though mostly harmless XcodeGhost malware.

In addition to WeChat, one of the top messaging apps in the world, Rovio’s Angry Birds 2 and China Unicom’s Customer Service app, most of the listed apps are distributed on the Chinese App Store only.

“If users have one of these apps, they should update the affected app which will fix the issue on the user’s device,” writes the company. “If the app is available on App Store, it has been updated, if it isn’t available it should be updated very soon.”

Apple has pulled many of the infected apps and said it’s working closely with developers to get impacted apps back on the App Store. Read More


Apple to offer local Xcode downloads in China, posts official XcodeGhost malware FAQ

By Christian Zibreg on Sep 23, 2015

The XcodeGhost malware couldn’t have arrived at worst time for Apple as the company prepares to launch its iPhone 6s and iPhone 6s Plus tomorrow. The company has already removed the App Store apps infected by the malware, which has been found to inject its payload into apps compiled with compromised copies of Xcode that were distributed on non-Apple servers in China.

Wednesday, the Cupertino firm has confirmed plans to mitigate the threat by hosting local Xcode downloads within China. In addition, Apple has posted an XcodeGhost FAQ webpage on its Chinese website detailing the XcodeGhost malware and how customers might be affected by it. Read More


Apple educates developers on validating Xcode downloads following XcodeGhost malware attack

By Christian Zibreg on Sep 22, 2015

A new type of attack called XcodeGhost is wreaking something of a mini-havoc in the App Store, injecting its malware payload into popular iPhone and iPad apps and prompting Apple to pull the infected apps.

The malware itself is pretty harmful—it collects and sends information about your device—but the method of spreading is cunning. Rather than target the App Store itself, attackers have distributed hacked versions of Xcode, Apple’s tool required for iOS and OS X development.

As Xcode is a multi-gigabyte download, developers in countries like China where Internet speeds are slow have downloaded these modified Xcode builds from non-Apple sources without realizing a hacked Xcode injects malware when compiling apps.

This morning, Apple issued an email to developers providing an update on the XcodeGhost situation while laying out easy-to-follow instructions for checking if their Xcode copy has been tampered with. Read More


Privacy is more dead than we think

By Timothy Reavis on Aug 24, 2015

The concept of privacy has shifted from the connoted right it once was to a fading dream. Where family discussions once never left the dinner table, what a person does and thinks are now plastered across social media in a way once deemed unthinkable because it simply “wasn’t anyone’s business” not that long ago. Now, everything is everyone’s business, and this change in culture has come about largely if not solely because of technology.

Sure, social media has played a large part in changing the way people share information, making what was once personal now more or less public domain. However, there are more subtle forces at work. One common instance many people overlook is the simple request of an app to access your phone’s contacts.

Read More


Apple’s focus on privacy slowing HomeKit rollout as cutting-edge encryption produces unacceptable lag

By Christian Zibreg on Jul 22, 2015

HomeKit, Apple’s platform for the connected home, sounds terrific on paper. In reality, HomeKit is like CarPlay, another Apple platform plagued with slower than expected rollout.

There are currently only five HomeKit-compatible accessories on the market: the Ecobee3, Elgato Eve, iHome iSP5 SmartPlug, Insteon Hub and Lutron Caseta Wireless Lighting Starter Kit.

A new report alleges that wider HomeKit adoption is being held back by Apple’s stringent encryption requirements. Apparently, Bluetooth chips currently available on the market and certified for HomeKit just can’t handle Apple’s super strong encryption without degrading the experience.

As Forbes reported Wednesday, Apple imposes a high level of encryption on HomeKit accessory makers in order to prevent eavesdropping and protect the privacy of its users. Apple’s focus on privacy, however, has created unacceptable levels of lag in prototype Bluetooth products whose chips have sub-par processing capability. Read More


Apple moving to prevent developers from accessing app data for ad targeting

By Cody Lee on Jun 24, 2015

Apple is quietly moving to prevent app developers from accessing app download data for ad targeting purposes, reports The Information. The move is part of the company’s recent, and very public, push for greater user privacy.

As most of you are probably aware, major apps like Facebook and Twitter will scan a user’s device for information on the app’s they have installed. This way, they can show users advertisements that better match their interests. Read More


Apple issues Mac App Store patch for XARA exploits as additional fixes are ‘in progress’

By Christian Zibreg on Jun 22, 2015

A cross application resource attack (XARA) that researchers at Indiana University, Georgia Tech and China’s Peking University publicized last week seems to have been partially addressed as Apple issued a server-side fix on the Mac App Store to block malicious apps and secure app data.

Additional fixes are in the works for the XARA exploits on both iOS and OS X, a company spokesperson told iMore. XARA exploits allow malicious apps to steal iCloud credentials of a user, access private data in apps like 1Password and Evernote, hijack their iCloud Keychain passwords and more. Read More


Major security flaws leave iOS and OS X vulnerable to wide ranging password theft

By Christian Zibreg on Jun 17, 2015

Your confidential information ranging from web passwords in Chrome and other browsers to app passwords to banking credentials stored and synced between devices though Apple’s iCloud Keychain service—even data you thought was stored safely in password managers like 1Password and LastPass—can be easily compromised due to a trio of major vulnerabilities discovered in Apple’s desktop and mobile operating systems.

As discovered by a team of researchers at Indiana University, Georgia Tech and China’s Peking University and reported by The Register, Keychain’s access control lists, URL schemes and OS X’s app containers contain flaws creating serious attack vectors. Read More


Flaw in Mail for iPhone and iPad can be used to hijack your iCloud password

By Christian Zibreg on Jun 10, 2015

A serious bug in Apple’s stock Mail application for iPhone, iPod touch and iPad permits attackers to fool users into providing their iCloud credentials.

Such phishing attacks can be devastating as iCloud increasingly becomes home for our digital life in the Apple universe, including our photo libraries, notes, contacts and other personal data.

The scam takes advantage of an exploit in the Mail application that makes it easy to deliver convincing-looking pop-ups resembling iCloud password prompts through a simple email message, The Register reported Wednesday.

While such emails look like they’re coming from a real company, they’re spoofed and once an unsuspecting user opens them on their iPhone, iPod touch or iPad running iOS 8.3, the operating system will execute malicious HTML content embedded inside. Read More


Tim Cook takes jabs at Google and Facebook in speech about privacy and security

By Cody Lee on Jun 2, 2015

Tim Cook took time out of his busy schedule yesterday to talk about privacy with folks attending EPIC’s Champions of Freedom event in Washington. EPIC, a non-profit research center focused on emerging privacy issues, was honoring the CEO for his superior “corporate leadership.”

Cook addressed attendees via a remote video feed, and spoke about a number of topics regarding privacy, security and what they mean to Apple versus other Silicon Valley tech giants. TechCrunch has a transcription of the speech, and he takes quite a few jabs at Facebook and Google. Read More


Good deal: 74% off a lifetime of online privacy protection from Blur

By iDB Deals on May 19, 2015

An all-in-one solution for online privacy, Blur protects you from credit card fraud, identity theft, and third-party monitoring. Get a lifetime subscription to Blur from iDownloadBlog Deals today for just $49.99. Read More


Apple moves to remove its customer data from RadioShack sale

By Christian Zibreg on May 14, 2015

In another showing of its commitment to protecting the privacy of its users, Apple has intervened in the sale of Radio Shack, which recently filed for bankruptcy, arguing that any information collected during the sale of its own products at RadioShack locations should be left out of the deal.

As noted by Law360 earlier this week, Apple, AT&T and others have objected to the potential sale of their customers’ data. The iPhone maker reportedly said that the fallen electronics retailer “doesn’t have the right to sell Apple customer information.” Read More


Tim Cook: there is no reason why you would have to choose between privacy and security

By Oliver Haslam on Feb 28, 2015

Apple CEO Tim Cook is on the final leg of his tour of Isreal and Europe and has been speaking to UK publication The Telegraph about a range of things including Apple customers’ privacy and of all things, terrorism.

Known for his unusual stance on privacy – one which doesn’t jive with other high profile tech executives who are happy to share everything about you – Cook told the publication during an interview that he feels people’s information is being “trafficked around” in ways that they just don’t yet understand. Read More


Apple Pay gets major backing from US Government

By Sébastien Page on Feb 13, 2015

As Apple CEO Tim Cook spoke at the President Obama’s Summit on Cybersecurity on Friday, the White House announced that Apple Pay will be enabled for federal payment cards, including Social Security and veterans benefits that are issued via debit cards.

The news represents a major vote of confidence for Apple Pay and Apple in general. While it shouldn’t be considered a proper endorsement from the White House, it is still a major win for Apple. Read More


Apple enables two-step verification for FaceTime and iMessages

By Cody Lee on Feb 12, 2015

Apple has enabled two-step verification for its FaceTime and iMessage services, The Guardian reported on Thursday. The move will force users who have the authentication system enabled to input an app-specific password when logging into either of the two services.

For those unfamiliar with the term, two-step verification is an opt-in system that adds an additional layer of security to Apple ID accounts. It requires users to input authentication codes when logging into iCloud on new devices, the web, and now iMessage and FaceTime. Read More


Poll: should Apple add multi-user access to iOS?

By Christian Zibreg on Jan 21, 2015

Yesterday, I stumbled upon an intriguing post over at The Loop which I felt raised a valid point about multi-user access in iOS, or the lack of.

It’s especially relevant in light of the fact that Android Lollipop enables multi-user support on phones.

Tablets, of course, have had this for nearly three years with Jelly Bean and up. Now, adding the ability to share your iPhone or iPad with someone else isn’t as trivial as it may appear at first sight as there are many technical hurdles to overcome.

On the other hand, can anyone imagine Apple not working on solving this pain point for its users? I mean, OS X supports multiple user accounts by design and iOS is basically a slimmed down version of OS X.

Anyways, is multi-user access one of those features the company should prioritize for the next major refresh of iOS, do you think? Read More

Page 112345...