By Christian Zibreg on Oct 23, 2015
Facebook announced yesterday it is now including public posts into search results while bringing personalized suggestions and highlighting popular stories with expanded search functions.
“Today, we’re updating Facebook Search so that in addition to friends and family, you can find out what the world is saying about topics that matter to you,” wrote the social networking firm.
Enhanced search features are currently available across Facebook for iPhone, Android and on the web, to US English users only. Read More
By Cody Lee on Oct 20, 2015
Apple on Tuesday provided a statement to The Washington Post, voicing its opposition to the proposed CISA bill. The legislation, which spelled out reads the Cybersecurity Information Sharing Act, is expected to be voted on by the Senate within the next few days.
“We don’t support the current CISA proposal,” Apple told The Post, reiterating its position on the privacy and trust of iOS and Mac users. “The trust of our customers means everything to us and we don’t believe security should come at the expense of their privacy.” Read More
By Cody Lee on Oct 20, 2015
Late Monday, Apple filed a brief with a federal magistrate judge in Brooklyn, New York, reiterating its inability to unlock its devices. As it has before, the company told the judge that accessing data stored on a locked device running iOS 8 or later is technically impossible, due to strengthened encryption methods. Read More
By Christian Zibreg on Oct 19, 2015
In addition, the offending apps, which obviously went under the radar of Apple’s App Store editorial team, have been found to collect other personally identifying information that can be used to track users. Read More
By Christian Zibreg on Oct 15, 2015
AgielBits’ popular password-management utility, 1Password, was refreshed in the Mac App Store today with several notable enhancements. For starters, the app has brought out a new large type option to make those passwords easier to read on huge monitors and Macs with high-resolution Retina screens.
People who happen to manage multiple vaults in 1Password should jump with joy as they can at last change passwords for secondary vaults, too.
The top layout view has seen some changes as well with rich item icons and customizable columns. Last but not least, 1Password 5.4 for Mac includes security updates to address the dreaded XARA vulnerabilities. Read More
By Christian Zibreg on Oct 5, 2015
Just as all the hoopla surrounding the XcodeGhost attack appears to have died down, security researchers over at Palo Alto Networks have identified a new type of harmful malware.
Dubbed YiSpecter, it can install itself on both jailbroken and non-jailbroken iOS devices and is the first iOS malware that exploit Apple’s private APIs to implement malicious functionalities.
Here’s everything you need to know about this new type of attack, what Apple is saying about the malware and what you can do in order to protect your devices from becoming infected with YiSpecter. Read More
By Christian Zibreg on Oct 1, 2015
iOS 9.0.2 has patched a potentially disturbing vulnerability which allowed malicious users who have access to your device to use Siri from the Lock screen in order to browse your photos and contacts.
According to Apple’ official iOS 9.0.2 release notes, the software has fixed the issue which allowed access to photos and contacts on a locked device by “restricting options offered on a locked device.”
The vulnerability was left unpatched in iOS 9.0 and iOS 9.0.1 and affected the iPhone 4s and later, fifth-generation iPod touch and later and iPad 2 and later. Read More
By Christian Zibreg on Sep 29, 2015
iOS 9.0.1 increases your security by defaulting to 6-digit passcodes on Touch ID devices. “If you use Touch ID, it’s a change you’ll hardly notice,” says Apple.
Compared to 4-digit passcodes which have 10,000 possible combinations, their 6-digit counterparts strengthen your security with one million possible combinations, meaning 6-digit passcodes will be a lot tougher to crack.
Non-Touch ID iPhones and iPads still default to less secure 4-digit passcodes, however. You can enable a 6-digit passcode with a quick trip to Settings, here’s how. Read More
By Christian Zibreg on Sep 29, 2015
Apple on Tuesday refreshed the Privacy section of its website with new information on what “we do and don’t collect.” In a post titled “Apple’s commitment to your privacy,” Apple CEO Tim Cook explains the great lengths his company goes in order to protect your private data from prying eyes.
Among other things, Apple’s approach to protecting your privacy entails employing strong encryption and strict policies that govern how all data is handled. Read More
By Christian Zibreg on Sep 28, 2015
The App Store offers several high-quality apps that help you create strong passwords for various services, manage your passwords and synchronize them between devices with ease, AgileBits’ freemium 1Password being perhaps the most popular one.
But there’s now a brand new password manager on the block which takes a clever approach to securing all your online accounts with strong passwords but without having to actually remember them.
How about re-creating passwords from recipes?
Welcome to Naranja Studio’s Password Chef, a novel $2.99 app for the iPhone, iPod touch and iPad which takes advantage of unique recipes to basically turn any site name into an easy-to-recall password, canceling the need for additional software or devices. Read More
By Christian Zibreg on Sep 24, 2015
Apple today refreshed its official XcodeGhost FAQ webpage, listing the top 25 iPhone and iPad apps on the App Store that contain the widely reported though mostly harmless XcodeGhost malware.
In addition to WeChat, one of the top messaging apps in the world, Rovio’s Angry Birds 2 and China Unicom’s Customer Service app, most of the listed apps are distributed on the Chinese App Store only.
“If users have one of these apps, they should update the affected app which will fix the issue on the user’s device,” writes the company. “If the app is available on App Store, it has been updated, if it isn’t available it should be updated very soon.”
Apple has pulled many of the infected apps and said it’s working closely with developers to get impacted apps back on the App Store. Read More
By Christian Zibreg on Sep 23, 2015
The XcodeGhost malware couldn’t have arrived at worst time for Apple as the company prepares to launch its iPhone 6s and iPhone 6s Plus tomorrow. The company has already removed the App Store apps infected by the malware, which has been found to inject its payload into apps compiled with compromised copies of Xcode that were distributed on non-Apple servers in China.
Wednesday, the Cupertino firm has confirmed plans to mitigate the threat by hosting local Xcode downloads within China. In addition, Apple has posted an XcodeGhost FAQ webpage on its Chinese website detailing the XcodeGhost malware and how customers might be affected by it. Read More
By Christian Zibreg on Sep 22, 2015
A new type of attack called XcodeGhost is wreaking something of a mini-havoc in the App Store, injecting its malware payload into popular iPhone and iPad apps and prompting Apple to pull the infected apps.
The malware itself is pretty harmful—it collects and sends information about your device—but the method of spreading is cunning. Rather than target the App Store itself, attackers have distributed hacked versions of Xcode, Apple’s tool required for iOS and OS X development.
As Xcode is a multi-gigabyte download, developers in countries like China where Internet speeds are slow have downloaded these modified Xcode builds from non-Apple sources without realizing a hacked Xcode injects malware when compiling apps.
This morning, Apple issued an email to developers providing an update on the XcodeGhost situation while laying out easy-to-follow instructions for checking if their Xcode copy has been tampered with. Read More
By Timothy Reavis on Aug 24, 2015
The concept of privacy has shifted from the connoted right it once was to a fading dream. Where family discussions once never left the dinner table, what a person does and thinks are now plastered across social media in a way once deemed unthinkable because it simply “wasn’t anyone’s business” not that long ago. Now, everything is everyone’s business, and this change in culture has come about largely if not solely because of technology.
Sure, social media has played a large part in changing the way people share information, making what was once personal now more or less public domain. However, there are more subtle forces at work. One common instance many people overlook is the simple request of an app to access your phone’s contacts.
By Christian Zibreg on Jul 22, 2015
HomeKit, Apple’s platform for the connected home, sounds terrific on paper. In reality, HomeKit is like CarPlay, another Apple platform plagued with slower than expected rollout.
There are currently only five HomeKit-compatible accessories on the market: the Ecobee3, Elgato Eve, iHome iSP5 SmartPlug, Insteon Hub and Lutron Caseta Wireless Lighting Starter Kit.
A new report alleges that wider HomeKit adoption is being held back by Apple’s stringent encryption requirements. Apparently, Bluetooth chips currently available on the market and certified for HomeKit just can’t handle Apple’s super strong encryption without degrading the experience.
As Forbes reported Wednesday, Apple imposes a high level of encryption on HomeKit accessory makers in order to prevent eavesdropping and protect the privacy of its users. Apple’s focus on privacy, however, has created unacceptable levels of lag in prototype Bluetooth products whose chips have sub-par processing capability. Read More
By Cody Lee on Jun 24, 2015
Apple is quietly moving to prevent app developers from accessing app download data for ad targeting purposes, reports The Information. The move is part of the company’s recent, and very public, push for greater user privacy.
As most of you are probably aware, major apps like Facebook and Twitter will scan a user’s device for information on the app’s they have installed. This way, they can show users advertisements that better match their interests. Read More
By Christian Zibreg on Jun 22, 2015
A cross application resource attack (XARA) that researchers at Indiana University, Georgia Tech and China’s Peking University publicized last week seems to have been partially addressed as Apple issued a server-side fix on the Mac App Store to block malicious apps and secure app data.
Additional fixes are in the works for the XARA exploits on both iOS and OS X, a company spokesperson told iMore. XARA exploits allow malicious apps to steal iCloud credentials of a user, access private data in apps like 1Password and Evernote, hijack their iCloud Keychain passwords and more. Read More
By Christian Zibreg on Jun 17, 2015
Your confidential information ranging from web passwords in Chrome and other browsers to app passwords to banking credentials stored and synced between devices though Apple’s iCloud Keychain service—even data you thought was stored safely in password managers like 1Password and LastPass—can be easily compromised due to a trio of major vulnerabilities discovered in Apple’s desktop and mobile operating systems.
As discovered by a team of researchers at Indiana University, Georgia Tech and China’s Peking University and reported by The Register, Keychain’s access control lists, URL schemes and OS X’s app containers contain flaws creating serious attack vectors. Read More
By Christian Zibreg on Jun 10, 2015
A serious bug in Apple’s stock Mail application for iPhone, iPod touch and iPad permits attackers to fool users into providing their iCloud credentials.
Such phishing attacks can be devastating as iCloud increasingly becomes home for our digital life in the Apple universe, including our photo libraries, notes, contacts and other personal data.
The scam takes advantage of an exploit in the Mail application that makes it easy to deliver convincing-looking pop-ups resembling iCloud password prompts through a simple email message, The Register reported Wednesday.
While such emails look like they’re coming from a real company, they’re spoofed and once an unsuspecting user opens them on their iPhone, iPod touch or iPad running iOS 8.3, the operating system will execute malicious HTML content embedded inside. Read More
By Cody Lee on Jun 2, 2015
Tim Cook took time out of his busy schedule yesterday to talk about privacy with folks attending EPIC’s Champions of Freedom event in Washington. EPIC, a non-profit research center focused on emerging privacy issues, was honoring the CEO for his superior “corporate leadership.”
Cook addressed attendees via a remote video feed, and spoke about a number of topics regarding privacy, security and what they mean to Apple versus other Silicon Valley tech giants. TechCrunch has a transcription of the speech, and he takes quite a few jabs at Facebook and Google. Read More