Apple expected to release fix for chaiOS bug this week

Posted by:
Date: Monday, January 22nd, 2018, 03:04
Category: iOS, iPad, iPhone, iPod Touch, News, security, Software

Apple is presently working on a fix for the chaiOS bug that crashes Messages when you receive a specific URL in a chat.

The fix is expected to arrive this week.

chaiOS is a bug that crashes Messages on iOS-based devices when a specific Github link is shared in a chat. It can also cause the iOS springboard to crash and relaunch.

(more…)

App Store-based password reset vulnerability discovered in macOS High Sierra, appears to be fixed in forthcoming update

Posted by:
Date: Friday, January 12th, 2018, 03:27
Category: High Sierra, macOS, News, security, Software

This is why Apple has a team working on security features.

For the third time in recent month, a vulnerability has been discovered in macOS High Sierra.

Back in September, security researcher Patrick Wardle discovered an exploit to snag plaintext passwords from the Keychain utility. Two months later, software developer Lemi Orhan Ergin realized that gaining root access to High Sierra machines was essentially as easy as inputting the username “root,” no password required.

Now, a bug report on Open Radar from earlier this week—affecting version 10.13.2—allows any user to change the App Store system preferences without a real password via these steps:

(more…)

Apple has partially repaired effects of Intel “KPTI” memory/security bug, will add additional fixed in macOS High Sierra 10.13.3

Posted by:
Date: Thursday, January 4th, 2018, 03:04
Category: High Sierra, macOS, News, Processors, security, Software

Following public disclosure of a security flaw with nearly every Intel processor produced for the last 15 years, concern grew that a fix may take up to 30 percent of the processing power away from a system. But Apple appears to have at least partially fixed the problem with December’s macOS High Sierra 10.13.2 with additional fixes seeming likely appear to be coming in macOS 10.13.3.

A number of anonymous sources within Apple have confirmed that routines exist within macOS High Sierra 10.13.2 that could grant applications access to protected kernel memory data. These measures, alongside existing programming requirements regarding kernel memory that Apple has implemented over the past decade, seem to have mitigated much of the issue.

The fix was further confirmed by developer Alex Ionescu, who called the code regarding the issue the “Double Map.”

(more…)

Face ID unable to approve family purchases, reasons for this unknown

Posted by:
Date: Friday, December 29th, 2017, 03:58
Category: Face ID, iPhone, News, security, Software, Touch ID

This is a bit strange.

A number of iPhone X owners have discovered that Face ID isn’t available as an authentication method for the “Ask to Buy” feature, which allows parents to approve their kids’ iOS purchases and downloads. At present, the parent, or controlling Apple ID account holder, must enter their entire Apple account password to approve each individual purchase attempt.

As a result, users are frustrated given that this equivalent functionality was available on Touch ID devices and seems to have been lost in the transition to the iPhone X. Face ID can be used as an authentication method for other purchases, just like Touch ID before it—but Touch ID also worked for “Ask to Buy,” and Face ID doesn’t.

(more…)

iMac Pro to incorporate T2 chip to handle discrete functions, security functions and secure enclave processes

Posted by:
Date: Wednesday, December 13th, 2017, 03:50
Category: Face ID, Hardware, iMac, News, Processors, security, Touch ID

The upcoming iMac Pro will feature new security hardware in the form of a new custom chip dubbed the T2, serving as a secure enclave for encrypted keys, giving users the ability to lock down their Mac’s boot process and also handling system functions like the camera, audio control, and managing the solid-state hard drive.

Details about the new T2 chip were revealed by Caleb Sasser, cofounder of Panic.

Per Sasser, the T2 chip combines previously discrete functions, such as the system management controller, image signal processor for FaceTime camera, audio control, and SSD control.

(more…)

Apple releases macOS High Sierra 10.13.2 update

Posted by:
Date: Friday, December 8th, 2017, 03:16
Category: High Sierra, macOS, News, security, Software

Late Wednesday night, Apple released macOS High Sierra 10.13.2. The update, a roughly 1.87 gigabyte download, offers the following fixes and changes:

– Improves compatibility with certain third-party USB audio devices.

– Improves VoiceOver navigation when viewing PDF documents in Preview.

(more…)

Apple releases fix for root user bug in macOS 10.13 High Sierra

Posted by:
Date: Thursday, November 30th, 2017, 03:23
Category: iOS, News, security, Software

Apple has released a fix for the now-infamous root bug in macOS High Sierra.

The company released its Apple Security Update 2017-001 update on Wednesday. The update, a 2.1 megabyte download, can be located and installed via the App Store app. Open this program, click on “Updates” and the patch will appear as a security update that can be installed without needing to restart your Mac.

Apple offered the following comment regarding the fix:

(more…)

Bkav hacking group bypasses Face ID, shows second proof of concept mask

Posted by:
Date: Tuesday, November 28th, 2017, 03:12
Category: Face ID, Hack, Hardware, iPhone, News, security

In spite of Face ID being an impressive feature, yet another successful proof of concept/hack seems to have taken place.

The security system, which has apparently been fooled by twins, children, and a mask has once again been bypassed by Vietnamese security company Bkav, which made headlines in mid-November after uploading a video featuring Face ID accessed by a mask. Though successful as a proof of concept, there were several questions about the unlocking methods used in the video, including whether “Require Attention” was turned on. On Monday, Bkav shared a second video with a new mask and a clearer look at how the mask was used to spoof Face ID.

The company used a 3D printed mask made of stone powder, which can be replicated for approximately $200. 2D infrared images of eyes were then taped over the mask to emulate real eyes.

(more…)

Rumor: macOS code base hints at possible “Hey Siri” functionality, A10 Fusion co-processor for iMac Pro

Posted by:
Date: Monday, November 20th, 2017, 03:00
Category: Developer, Hardware, iMac, Processors, Rumor, Siri

It’s just a rumor right now, but it’s got some interesting sources behind it.

Developers Guilherme Rambo and Stephen Troughton-Smith, who’ve been exploring the macOS, have found references to the “Hey Siri” function in the code base with support for multiple user accounts, just as macOS has long supported user switching.

At present, it’s been rumored that the iMac Pro could feature an A10 Fusion coprocessor which could manage the “Hey Siri” functionality as well as the boot process, security, and the FaceTime camera. It also appears that the inclusion of the A10 Fusion allows the iMac Pro to accept the voice command ‘Hey Siri’ rather than requiring the click in macOS on the Siri icon or keystroke to prompt Siri.

(more…)

Hacker group claims iPhone X Face ID feature can be fooled with mask technique

Posted by:
Date: Tuesday, November 14th, 2017, 03:16
Category: Face ID, Hack, Hardware, iPhone, News, security

It’s been noted that Apple’s the iPhone X’s Face ID feature can be fooled by an identical twin. Now it looks like a mask might do the trick as well.

On Friday, Vietnamese security firm Bkav released a blog post and video showing that—by all appearances—they’d cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking. That demonstration, which has yet to be confirmed publicly by other security researchers, could poke a hole in the expensive security of the iPhone X, particularly given that the researchers say their mask cost just $150 to make.

The hack stands as a proof-of-concept for the time being, so the average iPhone owner isn’t at grave risk.

Bkav, offered the following comments:

“Apple has done this not so well. Face ID can be fooled by mask, which means it is not an effective security measure.”

(more…)