By Christian Zibreg on Oct 21, 2014
Following a report Monday by Great Fire alleging that the government in China attempted to compromise the security of Apple’s users by redirecting local traffic to a fake iCloud.com login webpage, Apple on Tuesday confirmed it was aware of the phishing attempts and gave assurances that its servers had not been compromised, according to a CNBC report.
The company also took additional steps in the form of a new support document which teaches unsuspecting users how to verify that their web browser is in fact securely connected to the genuine iCloud.com login page.
By Christian Zibreg on Oct 20, 2014
The Chinese government is reportedly phishing iCloud credentials of millions of people by staging a so-called man-in-the-middle attack which redirects unsuspecting users to a spoofed webpage that appears shockingly similar to the real iCloud.com website, Great Fire reported Monday.
Fooled users who type in their username and password into the fake web form risk exposing their iMessage communications, photos, contacts, reminders, calendars and other personal information associated with their Apple ID to a third party. The problem is further accentuated by the fact that the popular Chinese browser Qihoo does not warn users that they’re visiting a fake website.
By Cody Lee on Oct 16, 2014
Following the release of OS X Yosemite this afternoon, Apple quickly pushed out iTunes 12.0.1. As you know, Yosemite includes a refreshed edition of iTunes marked as version 12, and this is an update for the folks who are using the new software.
Not much is mentioned in the change log in terms of what’s new in 12.0.1, but it does note that at least one of the changes has to do with security. And given its release time, and .1 build number, we imagine that it includes other bug fixes as well.
By Jeff Benjamin on Oct 8, 2014
If you have two-step verification enabled and you’re currently signed in to a third-party app using your Apple ID password, you’ll need to adjust to a new change starting tomorrow. For security purposes, Apple is introducing app-specific passwords to access iCloud data using third-party apps.
Apple will allow users to generate these app-specific passwords via the Password & Security section of its Apple ID website. Once there, you’ll simply need to click Generate App-Specific Password to create a password for the third-party app that you wish to grant access to your iCloud data.
By Cody Lee on Oct 7, 2014
AT&T confirmed on Monday that it suffered a data breach in August, carried out by one of its own employees. In a letter to Vermont’s attorney general, officials for the carrier said a former staffer accessed customer account information, including Social Security and driver’s license numbers.
Additionally, the company notes that the insider viewed Customer Proprietary Network Information (or CPNI), which includes metadata such as time, duration and destination of phone calls. It would not identify, however, how many of its customer accounts were affected by the breach.
By Sébastien Page on Oct 1, 2014
Apple recently released a tool that lets anyone check the Activation Lock status of iOS devices. Introduced alongside iOS 7, Activation Lock is a security feature that prevents anyone from erasing or activating your iOS device without entering your Apple ID and password first. The feature must be disabled before a device is passed or sold to another person. Failure to do so renders the device unusable for the new owner.
With the release of this new tool, Apple wants to make the process of checking for Activation Lock easier, and prevent people from buying a device that might have been locked because it was lost, stolen, or simply because the previous owner forgot to remove the device from his account.
By Christian Zibreg on Oct 1, 2014
There’s a new trojan in town, one that attacks jailbroken iPhone, iPod touch and iPad devices.
As discovered by Lacoon, the malicious software dubbed Xsser mRAT uses social engineering to steal valuable data from jailbroken devices by fooling unsuspecting users into tapping an install link in phishing messages from unknown senders.
Created by Chinese hackers, it can extract a vast range of personal information including your iOS address book, SMS messages, call logs, GSM identities, your approximate geographical location (as determined by the cell tower ID), on-device pictures, as well as passwords and other authentication data in the iOS keychains used by your Apple ID, mail accounts and other services.
By Cody Lee on Sep 29, 2014
Apple on Monday delivered the promised update to patch the ‘Shellshock’ Bash bug in OS X. You can download the update manually here, otherwise it should be popping up in the Updates tab of the Mac App Store shortly.
The security flaw was uncovered by security researchers last week and sent much of the Internet into a panic. Affecting the bash command shell in UNIX, the exploit allows hackers to remotely execute malicious code.
By Christian Zibreg on Sep 29, 2014
QuickType, Apple’s new predictive keyboard featured on the iPhone, iPod touch and iPad devices running iOS 8, is reportedly plagued with a potentially dangerous oversight where the software would suggest parts of your passwords that you previously used on websites, as first reported by French-language blog iGen.fr [Google Translate].
A new thread on Apple’s Support Communities website includes a note by one user who reported the keyboard offering “OrangeJuice” as a suggestion each time he would type in “AppleUser” because QuickType remembered the “OrangeJuice!2” password he previously used to log in to Outlook Web App.
By Christian Zibreg on Sep 26, 2014
A fix for a new kind of exploit recently discovered in the Bash command shell used in multiple versions of Unix is underway, Apple confirmed Friday, adding that the “vast majority” of Mac users are unaffected because OS X is “safe by default” from the so-called ‘Shell Shock’ attacks.
“The vast majority of OS X users are not at risk to recently reported Bash vulnerabilities,” an Apple spokesperson said in a statement quoted by The Verge.
The vulnerability was documented and publicized Thursday by security researchers at Red Hat and gained prominence after security expert Robert Graham called it “as big as the Heartbleed bug,” referring to a nasty vulnerability discovered earlier in the year in the OpenSSL software commonly used by nearly two-thirds of servers powering the Internet.
By Christian Zibreg on Sep 25, 2014
A string of bad news for Apple continues with a revelation published Thursday on The Daily Dot that London-based computer security expert Ibrahim Balic gave Apple a heads-up about a vulnerability he had discovered in iCloud, but the company discounted the severity of the issue and ignored the problem for six months.
As you know, the issue blew up in a major way, becoming the topic of late-night shows, after several celebrities with weak Apple ID passwords saw their nude photographs hijacked and posted on the web.
By Christian Zibreg on Sep 25, 2014
A new exploit in the Bash command shell found in many versions of Unix, including Apple’s OS X desktop operating system, makes Mac computers vulnerable to so-called ‘Shell Shock’ attacks, security researchers at Red Hat discovered Thursday.
Though the exploit lets attackers run malicious scripts remotely, most people are not at risk unless they’ve manually allowed SSH access from remote connections or run a web server with server-side scripting.
Here’s how you can check if you’re vulnerable and what you can do in order to avoid ‘Shell Shock’ attacks on your system.
By Alihassan Mahdi on Sep 19, 2014
One of the features that iOS 7 lacks is the ability to control the amount of time your child spends using your device. Parental Controls for iOS is a new jailbreak tweak that aims to bring this highly anticipated feature to jailbroken iOS 7 devices.
Developed by Ge0rges, the tweak allows you to limit the amount of time a person can use your iOS device. Once the time has ended, the user will automatically be locked out of your device and a pop-up will be displayed with three buttons: ‘Emergency Call’, ‘Add One Hour’, which allows a person to use the device for an extra hour once the parental passcode has been entered, and an ‘Ok’ button. The only way your child can gain access to your device once the time limit has been reached is when you choose to add an extra hour.
By Christian Zibreg on Sep 18, 2014
Apple on Thursday released an update to its desktop Safari browser for Macs running OS X Mavericks which contains improvements to compatibility and security while introducing a pair of new options for strengthening your privacy when searching.
The first such feature turns on SSL encryption for all Yahoo searches conducted from Safari’s search field. As a result, no one can eavesdrop on what you’re searching for online.
The other adds DuckDuckGo, a search engine that does not track you (Google won’t like this), as a built-in option in the search field. Note that Safari in iOS 8 and OS X 10.10 Yosemite already includes DuckDuckGo as an option.
Safari 7.1 has arrived on the heels of yesterday’s OS X Mavericks 10.9.5 update which contains Safari 7.0.6 and improves the stability, compatibility and security of your Mac.
By Cody Lee on Sep 17, 2014
Apple this evening launched a new privacy site in an effort to increase transparency on how it protects user data, and to educate users on how they can better protect themselves. Additionally, Tim Cook has posted an open letter to Apple Customers detailing the various sections of the new site, as well as Apple’s stance on user privacy.
The move follows recent bad publicity for Apple, in which its lax iCloud security measures were blamed for the hacking of high-profile celebrity accounts, which resulted in a slew of nude photos being leaked. The company maintains that its servers were never breached, but Tim Cook promised to double down on security anyway.
By Christian Zibreg on Sep 17, 2014
AgileBits, the maker of the popular password-keeping utility, 1Password, has issued a major new version of the app following Apple’s release of the iOS 8 software update earlier this morning.
1Password 5 for iOS 8 now takes full advantage of Touch ID fingerprint scanning to unlock your vault and comes with a brand new iOS 8 App Extension in Safari and other apps that also uses Touch ID.
The Safari extension is available right in the Share sheet and permits you to fill Logins directly into web pages. Taking advantage of AgileBits’ own proprietary extensions for integrating third-party apps with 1Password, supported apps can now log you in with just a tap. And as you update passwords in these apps, 1Password updates the corresponding item in its database.
As for the price, the new 1Password 5 is a free update to existing users and a freemium download for everyone else, with a one-time In-App Purchase to unlock features like folders, tags, custom fields, Multiple Vaults, as well as the full range of items including Bank Accounts, Email Accounts, Memberships, Passports, Reward Programs, Wireless Routers, Software Licenses and many more.
By Cody Lee on Sep 16, 2014
Several users have noticed that iCloud.com is once again employing two-factor authentication for users who have activated the security measure. The two-step process first popped up on the iCloud web portal back in June, but the feature was quickly pulled for unknown reasons.
For those unfamiliar with Apple’s implementation of two-factor authentication, it requires users to verify their identity via text message or Find My iPhone push notification. It provides an extra layer of security in the event a user’s device or Apple ID info becomes compromised.
By Cody Lee on Sep 15, 2014
Connecticut Attorney General George Jepsen announced this afternoon that he’s sent a letter to Tim Cook regarding the new Apple Watch and user privacy. Jepsen wants Cook to explain what data the device will collect, how that data will be stored, and what Apple’s policies are on apps that access health information.
Specifically, Jepsen asks whether Apple will allow consumers to store personal/health info on its servers, and if so, how that information will be safeguarded. He also wants to know what kind of data Apple Watch will collect from users, and how it and its developers plan to obtain consent for this collection from users.
By Cody Lee on Sep 15, 2014
Security research firm Palo Alto Networks reported this weekend on new iOS malware that’s affecting jailbroken devices. It’s called ‘AppBuyer,’ and it’s programmed to steal a user’s Apple ID and password for the purpose of purchasing apps from the App Store.
It’s not clear exactly how AppBuyer is being installed, but the group says it could be done a number of ways including through a malicious Cydia Substrate tweak or PC jailbreaking utility. Those infected complain of random apps periodically popping up on their devices.
By Cody Lee on Sep 10, 2014
Leander Kahney of Cult of Mac reports today that the Apple Watch comes with a built-in security feature that disables Apple Pay in the event that it is stolen. Apparently the Watch can use its sensors to tell when it is being worn, and when it has been taken off.
Kahney says that during the hands-on time at Apple’s event yesterday, an employee for the company told him that when you first put the watch on, you must enter a security code. When the watch is removed, Apple Pay locks up until you enter the code again.