This update is security oriented, as it contains the setreuid patch to prevent applications from obtaining to root privileges through setreuid. The update also contains stability improvements. If you’ve yet to jailbreak your iOS 8.4 device, it is recommended that you use this latest version of TaiG’s tool, version 2.2.1. Read More
Jailbreakers Nikias Bassen (Pimskeks) and Melissa Archer have teamed up for a new security-oriented jailbreak tweak called Blocked. Released at WWJC 2015, Blocked brings two new operation modes to the iPhone for enhanced security.
The two modes, SleepMode and GuestMode, each work to block access to certain features. By using Activator gestures, users can quickly and stealthily enter either mode to beef up device security.
Watch our video walkthrough inside to see how to the tweak works. Read More
A cross application resource attack (XARA) that researchers at Indiana University, Georgia Tech and China’s Peking University publicized last week seems to have been partially addressed as Apple issued a server-side fix on the Mac App Store to block malicious apps and secure app data.
Additional fixes are in the works for the XARA exploits on both iOS and OS X, a company spokesperson told iMore. XARA exploits allow malicious apps to steal iCloud credentials of a user, access private data in apps like 1Password and Evernote, hijack their iCloud Keychain passwords and more. Read More
Your confidential information ranging from web passwords in Chrome and other browsers to app passwords to banking credentials stored and synced between devices though Apple’s iCloud Keychain service—even data you thought was stored safely in password managers like 1Password and LastPass—can be easily compromised due to a trio of major vulnerabilities discovered in Apple’s desktop and mobile operating systems.
As discovered by a team of researchers at Indiana University, Georgia Tech and China’s Peking University and reported by The Register, Keychain’s access control lists, URL schemes and OS X’s app containers contain flaws creating serious attack vectors. Read More
Good news today for jailbreakers who are hoping to update to iOS 9 this fall. Speaking with Forbes’ Thomas Fox-Brewster, Liang Chen of the elite hacking group Keen Team says they’re eyeing the firmware to release their first ever jailbreak.
Right now, Chen says the team is prodding the recently released iOS 9 developer beta, and may even reach out to the well-known Pangu Team for assistance. “We want to release it just after iOS 9, that’s our plan,” he told Forbes. “It depends how lucky we are.” Read More
A serious bug in Apple’s stock Mail application for iPhone, iPod touch and iPad permits attackers to fool users into providing their iCloud credentials.
Such phishing attacks can be devastating as iCloud increasingly becomes home for our digital life in the Apple universe, including our photo libraries, notes, contacts and other personal data.
The scam takes advantage of an exploit in the Mail application that makes it easy to deliver convincing-looking pop-ups resembling iCloud password prompts through a simple email message, The Register reported Wednesday.
While such emails look like they’re coming from a real company, they’re spoofed and once an unsuspecting user opens them on their iPhone, iPod touch or iPad running iOS 8.3, the operating system will execute malicious HTML content embedded inside. Read More
Activation Lock, Apple’s theft-deterrent feature available on iPhone, iPod touch and iPad devices running iOS 7 or later, will be available on the Apple Watch this fall, courtesy of the free watchOS 2 software update announced earlier this morning during the Worldwide Developers Conference keynote talk.
It was previously discovered that the Apple Watch lacks this necessary security feature to dissuade thieves due to the limitations in its software and its dependency on iPhone for network connectivity. Read More
Tim Cook took time out of his busy schedule yesterday to talk about privacy with folks attending EPIC’s Champions of Freedom event in Washington. EPIC, a non-profit research center focused on emerging privacy issues, was honoring the CEO for his superior “corporate leadership.”
Cook addressed attendees via a remote video feed, and spoke about a number of topics regarding privacy, security and what they mean to Apple versus other Silicon Valley tech giants. TechCrunch has a transcription of the speech, and he takes quite a few jabs at Facebook and Google. Read More
Google’s annual I/O conference is currently going on in San Francisco, and as expected, Android M, its latest update to Android, was officially unveiled. Although lots of new features will be packed in with Android M, six of those features were brought to the forefront during the beginning of the I/O keynote.
Google states that Android M is rethinking fundamental aspects of how the platform has worked for years, and focuses on polish and quality and improving the core user experience. From what we’ve seen thus far, we’d have to agree.
The following six areas—App Permissions, Web Experience, App Links, Android Pay, Fingerprint Support, and Power & Charging—were specially highlighted as new features for Android M. What do these new features mean for Android and the future of mobile? Read More
The National Security Agency’s (NSA) bulk phone metadata collection program should come to an end on June 1 at 5pm Eastern time as the Obama administration has reportedly decided not to ask a secret court for a 90-day extension of Section 215 in the Patriot Act, an administration official confirmed to The Guardian on Saturday.
The controversial program was established as an effective, secret means of siphoning user data, not just from carriers but also from major technology companies like Apple, AT&T, Google, Verizon, and Microsoft, with or without their willing participation. Read More
Recent reports are claiming that Apple’s upcoming iOS update—iOS 9—will make it more difficult to jailbreak iPhones and iPads going forward. Some are even stating that it will be nearly impossible to jailbreak an iPhone running iOS 9.
The reason? Rootless—the kernel-level security feature that was discussed earlier today. This new feature is said to prevent malware, increase the safety of extensions and preserve the security of sensitive data.
When it’s all said and done, Apple’s security efforts in iOS 9 appear to be its most prolific since iOS 5. It could make it more of a challenge for jailbreakers and hackers.
But impossible? There’s nothing that’s impossible when it comes to security. More difficult? Perhaps. More challenging? Maybe. But impossible? Read More
In the refreshed iOS Security Guide, Apple has for the first time detailed security technologies pertaining to the Apple Watch.
As it turns out, the wrist-worn device borrows the many security features and technology built for iOS, including hardware-encrypted storage and data protection, keychain access control, protection of wireless data exchange with its paired iPhone and much more. Read More
The Apple Watch contains security measures to prevent thieves from accessing your data, but it doesn’t include the necessary features to dissuade thieves from trying to steal your device to begin with.
The problem stems from the lack of an Activation Lock-like feature on Watch OS 1.0.
Unlike the iPhone, if someone steals your Apple Watch, they can easily reset the device (bypass the passcode), and pair it with a new iPhone logged in to a different iCloud account. In other words, it’s totally feasible to steal an Apple Watch and set it up on a different device as if you just purchased it from an Apple Store. Read More
With ephemeral messaging growing in popularity, and given ongoing fear of government-sponsored snooping, small wonder that BitTorrent has now entered the market for secure chat apps — and in a pretty big way, too.
Bleep, their new Mac and iOS secure messaging and VoIP software, strives to ensure the privacy of your conversations by never saving them on your device or the servers. In a nutshell, Bleep uses encryption and peer-to-peer networking to establish a private, secure connection between devices.
With Bleep, you can whisper with friends on your Mac or iPhone and the messages will disappear after they are read. Read More
There seems to be a bit of misunderstanding when it comes to using a passcode on the Apple Watch. I’ve seen more than a few comments about how inconvenient it would be to have to “enter a passcode on that tiny screen every time I want to use the watch.” Indeed, it would be inconvenient if that were a true statement; thankfully it’s not. Read More
If you forget your Apple Watch passcode and enter an incorrect passcode more than six times in the row, your Apple Watch will lock you out. You’ll then see a message that tells you to try entering your password again in a few minutes.
But what if you simply can’t remember your passcode? What then? If that’s the case, then you’ll need to erase your Apple Watch, re-pair it with your iPhone, and restore from backup. Check out our tutorial that shows you how to reset your Apple Watch from your paired iPhone or from the Apple Watch itself. Read More
Apple this afternoon released Safari updates for Yosemite (8.0.6), Mavericks (7.1.6), and Mountain Lion (6.2.6). The new versions include fixes for multiple memory corruption issues in WebKit, which Apple says could lead to arbitrary code execution or unexpected application termination when visiting a maliciously-crafted website. Read More
On initial Apple Watch setup, you’ll be asked to establish a passcode, and I recommend doing this. Not only will a passcode allow you to use Apple Pay with Apple Watch, but it will help secure other sensitive data on your device.
You’ll quickly come to realize that passcode usage on the Apple Watch, while similar to the iPhone in some respects, is quite different. Because the Apple Watch is worn on your wrist and is an accessory to the iPhone, some things had to be altered to make it all work cohesively. Read More