O'Grady's PowerPage » security

KeyRaider malware steals credential information for 225,000+ jailbroken iOS devices

Posted by:
Date: Tuesday, September 1st, 2015, 04:07
Category: iOS, News, security, Software

trojanhorse

The bad news is that more than 225,000 Apple IDs and passwords were taken from assorted iPhones via a chunk of malware dubbed “KeyRaider”, which can also remotely lock iOS devices in order to hold them to ransom.

The good news is that this only occurred with jailbroken iOS devices and probably didn’t happen to you.

According to reports, the KeyRaider software will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users. The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials.

(more…)

iPassword for iOS updated to 5.5, adds Apple Watch, Touch ID improvements

Posted by:
Date: Friday, August 21st, 2015, 08:58
Category: iOS, News, security, Software

1passwordicon

This might be worth snagging.

1Password for iOS has been updated, version 5.5 allowing users access to a Touch ID button under the Master Password field so you can choose to sign in using your finger print even if you accidentally hit cancel on the first request. Tapping the fingerprint button prompts the system Touch ID unlock screen.

The new version also features an improvement to how the app can stay unlocked between uses in different apps. Previously 1Password’s extension in other apps required being unlocked by password, passcode, or Touch ID each time. Now, the 1Password extension and 1Password app share the same unlock time limits.

(more…)

Researchers demonstrate proof of concept for firmware worm that can directly target Macs

Posted by:
Date: Monday, August 3rd, 2015, 16:00
Category: Hack, MacBook, MacBook Air, MacBook Pro, News, security, Software

trojanhorse

It’s generally been accepted that Apple’s computers are much more secure than their Windows PC counterparts.

This isn’t entirely true, as a part of researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of Macs. The researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.

(more…)

Mozilla temporarily disables Flash Player interactivity within Firefox, cites recently discovered exploits

Posted by:
Date: Tuesday, July 14th, 2015, 10:52
Category: News, security, Software

trojanhorse

If you haven’t updated your version of Adobe Flash Player lately, now might be the time to do it.

The developers at Mozilla, having noticed that the staff at Hacking Team had three working exploits for Adobe Flash, decided to block all versions of the Flash Player plugin up to version 18.0.0.203 on Windows. Mozilla said Flash would remain on the Firefox blocklist until Adobe fixes all known vulnerabilities.

Since the announcement, Adobe appears to have updated its Flash player to version 18.0.0.209, which is not blocked.

(more…)

Apple to do away with Recovery Key as part of Two-Factor Authentication in iOS 9, OS X 10.11 El Capitan operating systems

Posted by:
Date: Thursday, July 9th, 2015, 09:42
Category: iOS, News, security, Software

recoverykey

There shall be Recovery Key no more come iOS 9 and OS X 10.11 El Capitan.

Apple on Wednesday confirmed that the security feature will be removed from its future operating systems.

Currently, the Recovery Key system in Apple’s “two-step” protocol works as a failsafe for accessing an Apple ID when a registered trusted device or phone number is unavailable. Under the existing setup, losing both a trusted device and Recovery Key renders the account inaccessible, which has in the past forced some users to abandon their Apple IDs altogether.

(more…)

12-inch MacBook notebooks essentially chained to Apple Store tables, may make browsing difficult

Posted by:
Date: Tuesday, July 7th, 2015, 08:48
Category: MacBook, retail, security, Uncategorized

12inchmacbookontable

You know how people sometimes go to outlandish (and destructive) lengths to steal things from Apple Store locations?

This, combined with the new 12-inch MacBook’s light weight, may be why they’re literally chaining the new notebook to the display tables.

Apparently the new MacBook, which weighs all of 2.0 pounds, is essentially chained/cabled to the display tables as opposed to letting customers lift it off the table to test its weight, as Apple usually does with its other notebook models.

(more…)

1Password for iOS updated to 5.4.3, includes bug fixes

Posted by:
Date: Wednesday, June 24th, 2015, 09:41
Category: iOS, News, security, Software

1passwordicon

1Password’s proven fairly infallible so far and its updates have been useful.

On that note, AgileBits announced the release of 1Password 5.4.3 for iOS. The new version offers the following fixes and changes:

1passwordchanges

(more…)

Adobe pushes Flash Player 18.0.0.194, cites security vulnerabilities in previous versions

Posted by:
Date: Wednesday, June 24th, 2015, 08:25
Category: News, security, Software

flashplayericon

As useful as it may be, Adobe is still putting out fires with Flash Player.

The company issued a security update for its Flash Player on OS X, Windows, and Linux. In the bulletin, it cited that this update addresses a critical security vulnerability that could allow an attacker to gain control and take over an affected system.

While Adobe notes that hackers have most commonly taken advantage of this vulnerability with systems running Internet Explorer for Windows 7 and Firefox on Windows XP, the exploit affected all users. To combat the issue, the company has pushed the 18.0.0.194 build of Flash Player and is urging all users to update immediately.

(more…)

Research team finds major zero-day security flaws in both iOS, OS X operating systems

Posted by:
Date: Wednesday, June 17th, 2015, 08:31
Category: iOS, News, security, Software

trojanhorse

Well, this is a bit awkward.

A group of researchers from Indiana University and the Georgia Institute of Technology have stated that security holes in both iOS and OS X allow a malicious app to steal passwords from Apple’s Keychain, as well as both Apple and third-party apps.

The claims appear to have been confirmed by Apple, Google and others.

(more…)

Yahoo slims down services, will require iOS 5.0 or later, Mac OS X 10.8 or later to access Yahoo Mail after June

Posted by:
Date: Friday, June 5th, 2015, 08:53
Category: iOS, News, security, Software, Uncategorized

yahoomail

Sometimes you’ve got no choice but to upgrade…

Yahoo announced that it will be ending support for Yahoo Mail and Yahoo Contacts will be discontinued for some older Apple devices as of June 15th.

In the case of Yahoo Mail, users with devices running iOS 4 or earlier will no longer be able to use their Yahoo accounts with iOS’ native Mail app. At the same time, Yahoo Contacts will stop syncing with Macs on OS X Lion or earlier.

(more…)