A new security exploit discovered in Apple's mobile operating system allows attackers to fool unsuspecting users into installing malicious iPhone and iPad apps disguised as new versions of popular apps and games such as Gmail, Angry Birds and more.
Instances of malicious apps with such deceiving names as “New Angry Bird”, “New Flappy Bird” and others were mentioned Monday in a report by mobile security research firm FireEye.
Apple released a statement today saying that it is aware of the newly discovered WireLurker malware that targets Macs and iOS devices, and it has taken action. "We’ve blocked the identified apps to prevent them from launching," a spokesman for the company told the Wall Street Journal.
Yesterday security researchers at Palo Alto Networks published a report saying they had discovered a new malware targeting Macs and iOS that is the “biggest in scale” it has ever seen. They named the malware "WireLurker" for its ability to jump from infected Macs to iOS devices over USB.
Security researchers at Palo Alto Networks say they've uncovered a new malware campaign targeting Macs and iOS that is the "biggest in scale" it has ever seen. Dubbed WireLurker, the malware has infected more than 400 apps in the Maiyadi App Store, a third-party Mac app store in China.
In the last six months, researchers say 467 infected applications have been downloaded 356,104 times, and “may have impacted hundreds of thousands of users.” The scary part is, the malware can be transmitted to a connected iOS device via USB, regardless of whether or not it's jailbroken.
The Electronic Frontier Foundation (or EFF) has posted a new Secure Messaging Scorecard, which ranks popular messaging offerings based on their security measures. The Scorecard uses a variety of metrics, such as methods of encryption and user privacy, and Apple's messaging options faired rather well.
While dedicated secure messaging apps like ChatSecure and CryptoCat scored the highest, the EFF found Apple's iMessage and FaceTime systems to be "the best of the mass-market options." The two services were found more secure than several high profile apps, including BlackBerry Messenger and Skype.
Criminals should protect their iPhones with a passcode, not Touch ID, as a Virginia District Court has determined that passcodes are protected under the Fifth Amendment of the United States Constitution while fingerprints are not, according to a report Friday by Hampton Roads.
The Fifth Amendment protects citizens from self-incrimination so a phone is protected under the law because otherwise it would require a defendant to divulge knowledge. Put simply, a Circuit Court judge has ruled that a criminal defendant can be compelled to reveal their fingerprint but not the passcode, so that police could search their mobile phone.
At this point in time, running Cydia on a jailbroken iPhone can still be a bit confusing for users who aren't always knee-deep in this stuff. One of the biggest issues encountered when running Cydia on a jailbroken iOS 8 device at the moment involves using the passcode and Touch ID.
After installing Cydia on a jailbroken iOS 8 device, many are reporting that establishing a passcode sends them into a bootloop. I verified that I encountered the same issue.
Let me just preface this by saying that the problems encountered here are no fault of the Pangu team or of Saurik. This jailbreak is a work in progress, and we've been advised that the jailbreak is only for developers at the moment. That said, many of you are adventurous and want to take the plunge as soon as possible; as do I.
In this video, I share an unsanctioned workaround to the boot loop issue. I show you how to establish a passcode on a device with Cydia and Cydia Substrate installed. I've tested this out, and have recorded the entire Cydia installation process for your convenience. Have a look inside for the full tutorial.
Learn how to stop your Mac from requesting the login password or authenticate with Touch ID when you wake it from sleep or the screen saver begins.
SleekCode is a brand new jailbreak tweak that just recently touched down on Cydia’s BigBoss repo. SleekCode allows you to change up the look of the passcode screen. You can alter the background of the blur, alpha, and passcode rings, along with hiding the emergency dial button and slide to unlock chevron.
I was fairly impressed with the look of the passcode screen after configuring SleekCode. Have a look at our video walkthrough for more information.
Apple's boss Tim Cook went to China to meet with a top Chinese government official in Beijing amid allegations of government-backed phishing attempts on users' iCloud accounts, according to a report by the state-run Xinhua news agency, relayed by Reuters Wednesday.
The meeting coincides with reports by GreatFire.org, a Chinese web monitoring group, alleging that the Chinese government sponsored man-in-the-middle attacks that redirected local users to a fake iCloud.com login page in an effort to harvest Apple ID user names and passwords.
Following a report Monday by Great Fire alleging that the government in China attempted to compromise the security of Apple's users by redirecting local traffic to a fake iCloud.com login webpage, Apple on Tuesday confirmed it was aware of the phishing attempts and ensured its servers had not been compromised, according to a CNBC report.
The company also took additional steps in the form of a new support document which teaches unsuspecting users how to verify that their web browser is in fact securely connected to the genuine iCloud.com login page.
The Chinese government is reportedly phishing iCloud credentials of millions of people by staging a so-called man-in-the-middle attack which redirects unsuspecting users to a spoofed webpage that appears shockingly similar to the real iCloud.com website, Great Fire reported Monday.
Fooled users who type in their username and password into the fake web form risk exposing their iMessage communications, photos, contacts, reminders, calendars and other personal information associated with their Apple ID to a third-party. The problem is further accentuated by the fact that the popular Chinese browser Qihoo does not warn users that they're visiting a fake website.
Following the release of OS X Yosemite this afternoon, Apple quickly pushed out iTunes 12.0.1. As you know, Yosemite includes a refreshed edition of iTunes marked as version 12, and this is an update for the folks who are using the new software.
Not much is mentioned in the change log in terms of what's new in 12.0.1, but it does note that at least one of the changes has to do with security. And given its release time, and .1 build number, we imagine that it includes other bug fixes as well.