Apple releases macOS High Sierra 10.13.2 update

Date: Friday, December 8th, 2017, 03:16
Category: High Sierra, macOS, News, security, Software

Late Wednesday night, Apple released macOS High Sierra 10.13.2. The update, a roughly 1.87 gigabyte download, offers the following fixes and changes:

– Improves compatibility with certain third-party USB audio devices.

– Improves VoiceOver navigation when viewing PDF documents in Preview.

(more…)

Apple releases fix for root user bug in macOS 10.13 High Sierra

Date: Thursday, November 30th, 2017, 03:23
Category: iOS, News, security, Software

Apple has released a fix for the now-infamous root bug in macOS High Sierra.

The company released Apple Security Update 2017-001 on Wednesday. The update, a 2.1 megabyte download, can be located and installed via the App Store app. Open this program, click on “Updates” and the patch will appear as a security update that can be installed without needing to restart your Mac.

Apple offered the following comment regarding the fix:

(more…)

Apple follows up on root user security hole in macOS 10.13 High Sierra, has yet to offer timeline for fix

Date: Wednesday, November 29th, 2017, 03:03
Category: macOS, News, security, Software

Well, this qualifies as a pretty huge mess.

Following the discovery of a security hole in macOS High Sierra in which a user can simply enter their user name as “root”, not provide a password and be allowed full access to the computer, Apple has offered the following statement:

“We are working on a software update to address this issue,” Apple said. “In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

(more…)

Bkav hacking group bypasses Face ID, shows second proof of concept mask

Date: Tuesday, November 28th, 2017, 03:12
Category: Face ID, Hack, Hardware, iPhone, News, security

In spite of Face ID being an impressive feature, yet another successful proof of concept/hack seems to have taken place.

The security system, which has apparently been fooled by twins, children, and a mask, has once again been bypassed by Vietnamese security company Bkav, which made headlines in mid-November after uploading a video featuring Face ID accessed by a mask. Though successful as a proof of concept, there were several questions about the unlocking methods used in the video, including whether “Require Attention” was turned on. On Monday, Bkav shared a second video with a new mask and a clearer look at how the mask was used to spoof Face ID.

The company used a 3D printed mask made of stone powder, which can be replicated for approximately $200. 2D infrared images of eyes were then taped over the mask to emulate real eyes.

(more…)

Texas Rangers issue warrant to decrypt iPhone SE following Sutherland Springs shooting

Date: Monday, November 20th, 2017, 03:08
Category: iCloud, iPhone, Legal, News, security, Touch ID

Similar to the San Bernardino shooting of almost two years ago, Apple has officially been served with a search warrant for access to the iPhone SE used by the man responsible for the Sutherland Springs, Texas shooting. The move comes after an earlier fumble that saw the Texas Rangers and FBI fail to act within 48 hours to unlock the device in question with Touch ID…

The Texas Rangers served Apple with a warrant to access both David Kelley’s iPhone SE and iCloud account. The Rangers have also expressed interest in a second phone used by Kelley made by LG. Apple stated earlier this month that it contacted law enforcement officials roughly 48 hours after the shooting to see if it could be of any help. During that first 48 hours, when Touch ID would have still been enabled, law enforcement made no efforts to ask Apple for help or to use Touch ID to unlock the phone. Instead, it shipped the device off to a crime lab in Quantico, Virginia.

(more…)

Hacker group claims iPhone X Face ID feature can be fooled with mask technique

Date: Tuesday, November 14th, 2017, 03:16
Category: Face ID, Hack, Hardware, iPhone, News, security

It’s been noted that Apple’s iPhone X Face ID feature can be fooled by an identical twin. Now it looks like a mask might do the trick as well.

On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they’d cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. That demonstration, which has yet to be confirmed publicly by other security researchers, could poke a hole in the expensive security of the iPhone X, particularly given that the researchers say their mask cost just $150 to make.

The hack stands as a proof-of-concept for the time being, so the average iPhone owner isn’t at grave risk.

Bkav offered the following comments:

“Apple has done this not so well. Face ID can be fooled by mask, which means it is not an effective security measure.”

(more…)

Security researchers hack iOS 11.1 at Pwn2Own event

Date: Friday, November 3rd, 2017, 03:17
Category: Google, Hack, iOS, iPhone, News, Samsung, security

Trend Micro’s annual Pwn2Own has kicked off over at the PacSec Security conference in Tokyo, complete with security researchers spending the day attempting to hack into the iPhone 7, the Samsung Galaxy S8, the Google Pixel, and the Huawei Mate 9 Pro in an effort to win prizes totaling more than $500,000.

And, for better or worse, Apple’s iPhone 7, running the newly-released iOS 11.1, was successfully breached twice by Tencent Keen Security Lab. The first hack targeted a Wi-Fi bug and won the team $110,000 and 11 Master of Pwn points, while the second hack targeted the Safari Browser and earned Tencent Keen Security Lab $45,000 and 12 Master of Pwn points.

The group used a total of four bugs to both gain code execution and escalate their user privileges to allow their rogue application to install via a reboot. In addition, the group snagged $60,000 for the Wi-Fi exploit and added $50,000 for the persistence bonus, thereby totaling $110,000 and 11 Master of Pwn points.

(more…)

Apple releases security updates for KRACK, other exploits in macOS High Sierra 10.13.1 update, Security Update 2017-004

Date: Thursday, November 2nd, 2017, 03:10
Category: Hack, High Sierra, macOS, News, security, Sierra, Software

A few critical security updates also shipped out with Tuesday’s macOS High Sierra 10.13.1 update.

Apple also released Security Update 2017-004 and Security Update 2017-001 macOS Sierra, which address the KRACK security exploit.

KRACK is a vulnerability in the WPA2 encryption standard for Wi-Fi networks that lets attackers decrypt the data passing to and from a specific device. The vulnerability exists in almost any device capable of using WPA2 on Wi-Fi networks, and once it was publicly disclosed, product manufacturers started scrambling to release patches.

(more…)

FBI director reveals that 6,900 devices have yet to be unlocked/decrypted

Date: Tuesday, October 24th, 2017, 05:18
Category: iOS, iPad, iPhone, News, security

If you were looking to live in an era of digital privacy, it may have just arrived.

According to a statement shared by FBI Director Christopher Wray at the International Association of Chiefs of Police on Sunday, the FBI has been unable to retrieve data from 6,900 mobile devices that it attempted to access over the course of the last 11 months.

“To put it mildly, this is a huge, huge problem,” Wray said. “It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.”

(more…)

Chinese telecom companies cut Apple Watch Series 3 access to LTE, cite government security concerns

Date: Friday, October 20th, 2017, 05:56
Category: Apple Watch, Hardware, Legal, News, security, Wearables

China has terminated LTE access for the Apple Watch Series 3 without explanation. Per the Wall Street Journal, all three major carriers in China have closed off LTE access, apparently because of the government’s security concerns about the device.

The WSJ reports that LTE functionality was available on China Unicom at launch, but new subscriptions were terminated just a few days later. Existing users are so far unaffected, it says.

It’s thought that the government was concerned about the fact that it could not track the new Apple Watch Series 3’s user base given its use of an eSIM device.

(more…)