Apple confirms fix against “KRACK Attack” WPA-2 exploit in macOS, iOS, tvOS, and watchOS betas, has yet to comment on AirPort firmware

Posted by:
Date: Tuesday, October 17th, 2017, 05:08
Category: Android, iOS, macOS, News, security, Software, TvOS, watchOS

Following the recent “KRACK Attack” Wi-Fi WPA-2 exploit, Apple has cited that it has addressed the issue in its macOS, iOS, tvOS and watchOS betas, but has yet to officially state as to whether a patch is en route for its AirPort series of routers.

Sources within the company have stated that the patch to remove hardware susceptibility was included in a “previous” beta of the current range of operating systems, indicating a release before Monday’s batch.

(more…)

Developer outlines possible attack that could trick iOS users into giving their Apple ID credentials away

Posted by:
Date: Wednesday, October 11th, 2017, 05:33
Category: Developer, iOS, News, security, Software

This might be worth watching out for.

Per developer Felix Krause, a popup technique could be used to easily trick someone into handing over their Apple ID and password on their iOS device.

The developer noted that it is incredibly easy for an iOS app maker to recreate the Apple ID password prompt. From there, the app could send that popup and subsequently log the Apple ID and password. It takes less than 30 lines of code and could seemingly be dropped in any legitimate iOS app and sneak past App Store review teams.

(more…)

Security researchers point out Apple-granted API that could have allowed Uber to monitor iPhone users’ activities

Posted by:
Date: Monday, October 9th, 2017, 05:55
Category: Apple Watch, Developer, iOS, News, security, Software, Wearables

Last week, a controversial background API given from Apple to Uber designed to improve performance of the Uber app on the Apple Watch made headlines when security researchers told stated that Uber could have used it to record a user’s iPhone screen even with the Uber app just running in the background.

In a statement, Uber said the entitlement was used for an old version of the Apple Watch app and was provided to Uber because the original Apple Watch couldn’t render maps.

The company offered the following statement regarding the situation:

(more…)

Apple releases macOS High Sierra 10.13 Supplemental Update, works to address security concerns, bugs

Posted by:
Date: Friday, October 6th, 2017, 05:39
Category: High Sierra, macOS, News, security, Software

Every so often after a major operating system update, Apple releases a supplemental update to sort things out.

This is one of those times.

On Thursday, Apple released macOS High Sierra 10.13 Supplemental Update. The update, a 915 megabyte download through the App Store’s “Update” tab, fixes two important security flaws, one of which was just recently publicized. It also addresses three relatively minor bugs in macOS High Sierra.

Per Apple’s patch notes, the macOS High Sierra 10.13 Supplemental Update offers the following fixes:

Improves installer robustness
Fixes a cursor graphic bug when using Adobe InDesign
Resolves an issue where email messages couldn’t be deleted from Yahoo accounts in Mail
Security patch notes for macOS High Sierra 10.13 Supplemental Update
StorageKit

(more…)

Verizon reveals that all 3 billion existing Yahoo accounts were breached in 2013 attack

Posted by:
Date: Wednesday, October 4th, 2017, 05:45
Category: Finance, Hack, News, security

If you had a Yahoo account in 2013, there’s a 100 percent chance that you were hacked.

Yahoo’s parent company has revealed that the massive data breach that occurred in August of 2013 affective all three billion Yahoo accounts that existed at the time.

Previously, Yahoo said the hack affected 1 billion accounts, or a third of all accounts. Verizon now says new intelligence suggests the attack was much larger, compromising all Yahoo accounts in 2013.

(more…)

Apple File System included in forthcoming macOS High Sierra operating system won’t work on Fusion Drive units, Apple provides instructions for workaround

Posted by:
Date: Wednesday, September 20th, 2017, 05:51
Category: Fusion Drive, macOS, News, security, Software

This could get annoying.

Apple has released a technical note describing how the new Apple File System (APFS) feature will be limited to Macs with all-flash built-in storage, which means it won’t work with iMacs and Mac minis that include Fusion Drives.

The Fusion Drives were converted to the APFS format during the first beta test of MacOS High Sierra, but support was removed in subsequent betas and not reimplemented.

(more…)

HomePod firmware hints at possible Face ID scanning even when next-gen iPhone is laying flat

Posted by:
Date: Monday, August 7th, 2017, 05:55
Category: Developer, Hardware, HomePod, iPhone, Rumor, security, Touch ID

The leaked HomePod firmware might have given away yet another feature for Apple’s upcoming next-gen iPhone.

iHelp has noted a line that references support for facial recognition even when the device is laying flat on its back. The term “Pearl” is believed to be Apple’s name for Face ID:

AXRestingPearlUnlock

com.apple.accessibility.resting.pearl.unlock

(more…)

Wikileaks publishes two more Mac-specific exploits from CIA Vault 7 files

Posted by:
Date: Friday, July 28th, 2017, 05:49
Category: Hacks, News, security, Software

If you’re interested in security, you’ll like this.

Wikileaks has just Wikileaks published two more Mac exploits from the so-called CIA Vault 7 under the name Project Imperial. The new exploits—Achilles and SeaPea—affect older versions of OS X, such as Mac OS X 10.6 Snow Leopard and Mac OS X 10.7 Lion.

The exploits behave as follows:

(more…)

iOS 10.3.3 update resolves Wi-Fi exploit that allowed for complete outside control of devices

Posted by:
Date: Friday, July 21st, 2017, 05:14
Category: Hardware, iPad, iPhone, iPod Touch, News, security, Software

Even if you’re generally a bit hesitant to accept iOS updates until they’ve been out for a while, it might be a good idea to accept the new iOS 10.3.3 update, which was released on Wednesday.

Per Apple’s security document, the update includes the following major fix:

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A memory corruption issue was addressed with improved memory handling.

(more…)

Apple releases macOS 10.12.6, iOS 10.3.3, watchOS 3.2.3 updates

Posted by:
Date: Thursday, July 20th, 2017, 05:56
Category: iOS, macOS, News, security, Software, watchOS

‘Twas a day of updates as Apple released new versions of macOS Sierra, iOS 10, and watchOS 3 on Wednesday.

As usual, Apple’s comments as to the changes involved bug fixes, performance improvements and security fixes with the release of macOS Sierra 10.12.6, iOS 10.3.3 and watchOS 3.2.3, respectively.

Specific changes for macOS 10.12.6 included the following:

(more…)