Security

Apple fixes remote execution code flaw that brought Dev Center down

While independent security researcher Ibrahim Balic claimed responsibility for taking down Apple's Dev Center, in reality his discovery of an iAd Workbench vulnerability had nothing to do with the Dev Center outage.

Apple this morning credited Balic for reporting the iAd Workbench bug that did allow him to obtain full names and Apple IDs of Apple's registered iOS and Mac developers.

While it's a bit murky whether or not Balic was solely responsible for the system-wide Dev Center shutdown, Apple today wrote on its Web Server notifications page that it fixed a "remote code execution issue" that allegedly caused the downtime...

Apple credits Ibrahim Balic for reporting iAd Workbench vulnerability

Ibrahim Balic, an independent security researcher, made the headlines by taking credit for knocking Apple's Dev Center out for thirteen days following his discovery of a serious iAd Workbench vulnerability.

Even though that issue hasn't made the hack directly possible, it did force Apple to shut down Dev Center for more than a week.

It has also prompted an overhaul of Apple's developer systems, including updating the server software and rebuilding the entire database. Though Balic has rarely come out of stealth mode since protecting his Twitter timeline out of fear of potential consequences, he needn't worry as Apple has now credited him with reporting the iAd Workbench vulnerability...

‘AutoOK’ makes complex passcodes work like normal passcodes

In theory, "complex" word-based passcodes are more secure than the standard 4-digit passcodes that the majority of us tend to use, but they do come with a caveat. It might not sound like a big deal, but with complex passcodes, you have to tap the 'OK' button after entering the passcode in order to unlock your device. With standard passcodes, simply entering in all four digits is enough to prompt the device to unlock.

AutoOK is a new jailbreak tweak that serves as a workaround for this problem. It will automatically submit your complex passcode and unlock your device without needing to tap the OK button. Have a look at our video walkthrough inside to see how it works.

‘CodeScrambler’ adds more security to the stock iPhone passcode

Looking to add some additional security to your iPhone? Worried about someone spying out your Lock screen passcode? If you answered affirmatively to those questions, then perhaps you'd benefit from CodeScrambler.

CodeScrambler is a brand new jailbreak tweak that scrambles the Lock screen passcode in a different order each time you attempt to unlock your iPhone. This makes it more difficult for would-be passcode thieves to memorize your passcode based on the location of your taps on the screen.

Have a look inside, as we showcase how CodeScrambler works on video...

President Obama outlines four government surveillance reform initiatives

Following a series of meetings with tech executives and government leaders this week, President Obama held a press conference this morning to describe his plan to assuage concerns among Americans and foreigners regarding the legality of US surveillance activities.

During his speech, the President said that the surveillance programs in use by government agencies right now are "operating in a way that prevents abuse." But the question for his administration, he posed, is how does it make "American people more comfortable?"

So he outlined the following four initiatives...

President Obama meets with Tim Cook and other tech execs to talk surveillance

According to a report from Politico, President Barack Obama met with Apple CEO Tim Cook and a number of other tech executives yesterday for a closed-door discussion on government surveillance. The site says this was the second meeting of its kind this week.

Cook was joined by the likes of AT&T CEO Randall Stephenson, Google's chief Internet evangelist Vint Cerf, and Public Knowledge President Gigi Sohn, to talk about various surveillance strategies and other topics such as the recent NSA PRISM program scandal...

Apple’s iPhone activation servers knocked offline, all over again

"Your iPhone could not be activated because the activation server is temporarily unavailable," used to be the unmistakable declaration of crazy high demand.

Each time an influx of buyers rushed to simultaneously power on their brand spanking new iPhones on launch day, Apple's iTunes servers struggled to keep up.

Nowadays, it's just plain embarrassing.

Just as Apple is coping with bringing the remaining Dev Center systems back online and less than 24 hours after a two-hour outage had knocked offline Apple's App Store and other iTunes content stores, the Apple cloud is acting up - again.

This time around, users on Twitter and elsewhere are reporting not being able to activate their brand spanking new iPhones because iTunes activation servers are experiencing another outage...

Google criticized over password security in its Chrome browser

Google has come under fire this week for the way that its Chrome browser handles password storage. The criticism comes in light of some new findings posted by software developer Elliott Kember, who says he's discovered a flaw in the way Chrome handles passwords.

Apparently, in the browser's settings panel there's a section that lists all of the websites for which a user has a stored password, and their corresponding passwords. The data is hidden initially, but the passwords can be exposed with a simple click of the mouse...

Twitter app updated with two-step verification, enhanced photo search and more

Folks using the official Twitter client on iOS will be happy to hear that it has received a significant update this morning, bringing the app to version 5.9. The update includes a handful of improvements, including two-step authentication and enhanced photo searching.

Twitter first introduced two-step authentication back in May, following a number of widely publicized hacks involving celebrity and other high-profile accounts. With today's update, Twitter is bringing the new security feature to iOS and Android devices...

New iOS vulnerability lets malware slip through

Apple's iOS is generally considered the most reliable and secure mobile platform out there, so it's little wonder that iPhones and iPads are the gadgets of choice for mobile workers everywhere. Despite its Unix underpinnings, iOS of course isn't bullet-proof - no software is. But unlike Google's malware-infested Android, you don't hear every day about an iOS weakness so fatal it opens the door to malware.

Unfortunately, today is precisely that day as researchers from the Georgia Tech Information Security Center (GTISC) publish details about a newly discovered iOS vulnerability that allows malware installation via seemingly innocuous apps.

The weakness circumvents Apple’s security measures and paves the way to "significant security threats to the iOS platform." We're expecting a swift response on Apple's part and a fix via a future update...

Apple issues another system status update to developers

Although the majority of its services are back online and in working condition, Apple has been diligent about keeping developers updated on the progress of its efforts after suffering a security threat a few weeks back.

Key services like the iOS and Mac dev centers are back online, but there are still a few items that remain stuck in limbo, namely, Xcode automatic configuration, TSIs, program enrollments, and renewals in Member Center.

Apple says that it expects that the majority of the remaining services should be back online this week. Have a look inside for the full e-mail that was issued to developers today.

iOS 7 includes fix for malicious charger exploit

Back in June, a group of researchers discovered a flaw in iOS that would theoretically allow an iOS device to be hacked using a malicious USB charger. Their proof-of-concept allowed them to invisibly install malware on non-jailbroken iPhones and iPads.

The results of the experiment were called 'alarming,' and brought to the attention of Apple in hopes of a quick fix. The Cupertino company must have gotten the message, because according to a new report, the exploit has been patched in the latest iOS 7 beta...