DOK malware surfaces for macOS platform, sneaks past Gatekeeper protection with valid Apple developer account

Posted by:
Date: Monday, May 1st, 2017, 05:06
Category: macOS, News, security, Software

In the age of Macs becoming more popular again, the amount of malware available for the macOS is on the rise.

According to the McAfee Labs, malware attacks on Apple’s Mac computers were up 744% in 2016, and its researchers have discovered nearly 460,000 Mac malware samples, which is still just a small part of overall Mac malware out in the wild.

The Malware Research team at CheckPoint has located a new piece of fully-undetectable Mac malware which apparently affects all versions of Mac OS X, has zero detections on VirusTotal and is “signed with a valid developer certificate (authenticated by Apple).”

(more…)

Apple repairs iOS 10.3 vulnerability that caused iOS devices to repeatedly dial 911

Posted by:
Date: Friday, March 31st, 2017, 05:28
Category: iOS, iPad, iPhone, News, security, Software

Following the release of iOS 10.3 earlier this week, a number of users reported that their iOS devices were repeatedly attempting to call 911.

The flaw was discovered by an 18-year old who found a way to use Javascript to remotely cause iOS devices to open popup alerts, open apps, and make phone calls. In an effort to show the severity of the problem, he created a code that caused iPhones to dial 911 repeatedly. All in all, he ended up being arrested and charged with four counts of computer tampering after causing thousands of accidental 911 calls.

It appears that Apple has worked with app developers to examine the issue and close the loophole.

(more…)

Apple clears through almost 350 security vulnerabilities with of iOS, macOS, watchOS and tvOS updates

Posted by:
Date: Wednesday, March 29th, 2017, 05:54
Category: Hack, iOS, macOS, News, security, Software, TvOS, watchOS

Apple cleaned house via a slew of operating system updates on Monday, pinning down nearly 350 known vulnerabilities between its changes to iOS, macOS, watchOS and tvOS.

Starting with iOS 10.3, Apple’s latest version includes Find My AirPods, Apple’s new file system, CarPlay, and a few other small visual tweaks. With nearly every update Apple does, they also include a handful of security fixes that easily go unnoticed by the user. iOS 10.3 is no exception with over 85 different common vulnerabilities and exposures (CVEs) listed.

In one case, the iOS 10.3 update patched a security hole that allowed attackers to spam Safari with a ‘Cannot Open Page’ dialog. Lookout, a cybersecurity company, learned of the attack after one of their users complained of losing control over their browsing experience. The dialog was meant to trick users into eventually paying money to “unlock” their Safari browser.

(more…)

Trump administration looks to carry out electronics travel ban from six Muslim-majority countries

Posted by:
Date: Thursday, March 23rd, 2017, 05:14
Category: Hardware, iPad, News, security

The travel ban now applies to some devices coming into the U.S. from some flights.

The Trump administration has banned devices larger than a smartphone in the passenger cabin of flights coming to the U.S. from several airports in Muslim-dominant countries. The ban restricts iPads and other tablets, Kindle ebook readers, notebooks, and other larger electronic devices to checked luggage over terrorism concerns.

The policy was announced earlier this week and covers direct flights to the U.S. from Cairo, Istanbul, Kuwait City, Doha, Casablanca, Amman, Riyadh, Jeddah, Dubai, and Abu Dhabi. Specific airlines includes in the ban include Royal Jordanian Airlines, Egypt Air, Turkish Airlines, Saudi Arabian Airlines, Kuwait Airways, Royal Air Maroc, Qatar Airways, Emirates, and Etihad Airways.

At present, the airlines have until Friday to comply with the electronics ban.

No specific terrorist threat has been cited by the Trump administration, although it’s been thought that militants may want to disguise bombs in electronic devices. Representatives from the administration have stated that the electronics ban isn’t related to the controversial travel ban being pushed forward regarding the six nations with Muslim-majority populations. These countries presently include Iran, Libya, Syria, Somalia, Sudan, and Yemen.

It’s also been noted that a similar electronics ban being carried out in the U.K. was triggered from intelligence gathered during a U.S. raid in Yemen earlier this year.

Stay tuned for additional details as they become available.

Via The Mac Observer and Reuters

Justice Department files charges against Russian hackers following Yahoo email breaches

Posted by:
Date: Thursday, March 16th, 2017, 05:56
Category: Hack, News, security

They found the people who hacked into more than half a billion Yahoo email accounts.

The Justice Department announced charges Wednesday against two Russian spies and two hackers behind the infamous 2014 hacks, which have been identified as among the most significant digital security breaks in American history.

The four men together face 47 criminal charges, including conspiracy, computer fraud, economic espionage, theft of trade secrets and aggravated identity theft, the Justice Department said in a news release.

(more…)

Apple joins Google, other tech companies in resisting ‘troubling’ FBI search warrant

Posted by:
Date: Wednesday, March 15th, 2017, 05:32
Category: Amazon, Apple, Google, iOS, Legal, Microsoft, News, security

Apple has joined Amazon and Microsoft in a court filing which supports Google’s decision to resist an FBI warrant demanding that it hand over emails stored outside the USA. The tech companies argue that this would set a ‘troubling’ precedent.

As reported, the FBI served search warrants ordering Google to surrender emails belonging to suspects in a criminal investigation. The emails themselves were stored on a server outside the USA. Google, in turn, refused, arguing that a domestic search warrant could not apply to data stored in a foreign country.

A Pennsylvania court both disagreed and instructed Google to comply with the warrant. Google has since appealed the ruling, with Apple, Amazon and Microsoft jointly filing an amicus brief in support of Google.

(more…)

WikiLeaks to share CIA hacking tools with Apple, other firms after security fixes are complete

Posted by:
Date: Friday, March 10th, 2017, 05:36
Category: Hack, iOS, News, privacy, security, Software

Following WikiLeaks’ release of more than 8,000 documents from inside the CIA’s Center for Cyber Intelligence, Apple followed up, saying it had already fixed most of the exploits the agency had found to hack into iPhones.

WikiLeaks founder Julian Assange said Thursday he will share the code, which was withheld from the published documents, with tech companies like Apple.

Per Assange:

“We have decided to work with [tech companies] to give them exclusive access to the additional technological details we have so that fixes can be developed and pushed out,” Assange said in a live-streamed press conference from the Ecuadorian Embassy in London, where he lives. “Once this material is effectively disarmed by us we will publish additional details.”

(more…)

Apple responds to WikiLeaks’ release of CIA-based documents, states that ‘many’ of the iOS-related exploits have already been patched

Posted by:
Date: Wednesday, March 8th, 2017, 05:47
Category: Hack, iOS, News, privacy, security, Software

With any luck, this’ll provide some consolation.

Following up on the revelation that WikiLeaks had intercepted and released what might amount to 8,700+ documents from the CIA’s Center for Cyber Intelligence unit – part of which is devoted to obtaining zero-day exploits for iOS devices – and that the CIA had lost control of the majority of its hacking arsenal, Apple went on record to state that “many of the issues leaked today were already patched” in the most recent version of iOS.

The company offered the following comment:

(more…)

1Password for Mac updated to 6.6.1, includes improved Touch Bar support, new subscription model

Posted by:
Date: Tuesday, February 28th, 2017, 05:28
Category: MacBook Pro, News, security, Software, Touch Bar

It’s a nifty program and it just got a little bit better.

1Password for Mac has just been updated to version 6.1.1. The new version includes enhanced Touch Bar support for the MacBook Pro as well as a new payment model that centers around subscriptions.

The software, which generally listed around $65, is being priced towards a more affordable number and now features free trials via the Mac App Store.

(more…)

Apple’s iCloud Activation Lock page removed without explanation

Posted by:
Date: Monday, January 30th, 2017, 05:48
Category: iOS, iPad, iPhone, iPod Touch, News, retail, security

Without hint or warning, Apple has removed the iCloud Activation Lock status page, which used to exist at iCloud.com/activationlock, but that URL now leads to a 404 error instead. The utility let anyone type in the IMEI or serial number of an iOS device to find out if Activation Lock had been turned off, something which proved to be useful to verify the authenticity of a seller when buying a used iPhone online.

References to the web page have been removed from Apple’s support documentation, indicating this is not a temporary issue and the page has been intentionally pulled from service.

A previous Apple support document recommended that users check the Activation Lock status of an iOS device before buying it to ensure that the product was ready to use. The text was removed on January 24th and the iCloud.com/activationlock URL stopped working not long afterwards.

(more…)