Apple, Mac, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Rescooped by Gust MEES from 21st Century Learning and Teaching

Forensic scientist identifies suspicious 'back doors' running on every iOS device | Privacy | Cyberespionage

During his talk at HOPE/X Jonathan Zdziarski detailed several undocumented services (with names like 'lockdownd,' 'pcapd,' 'mobile.file_relay,' and 'house_arrest') that run in the background on over 600 million iOS devices.


Zdziarski's questions for Apple include:

  • Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
  • Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
  • Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
  • Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?

... and his last slide (page 57 of the PDF) sums it up nicely: 


  • Apple is dishing out a lot of data behind our backs
  • It’s a violation of the customer’s trust and privacy to bypass backup encryption
  • There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
  • Much of this data simply should never come off the phone, even during a backup.
  • Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
  • Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

Scooped by Gust MEES

Apple releases security fixes for iOS, OS X, Safari and Apple TV

One of the bugs fixed in iOS and Apple TV was first reported a year ago and fixed in OS X in May of this year.


Apple has released new versions of iOS, OS X, Safari and Apple TV, and disclosed the vulnerabilities fixed in those new versions. A total of 60 unique vulnerabilities are addressed in the products.


===> As is common with Apple, some of the vulnerabilities are quite old. <===


iOS 7.1.2 fixes 44 vulnerabilities in the previous version. These include two lock screen bugs and two which could allow bypass of Find My iPhone and Activation Lock, the new anti-theft measures. The new version also adds encryption of attachments in the Mail app, a problem first reported two months ago. The usual long list of WebKit bugs is fixed and the list of trusted root certificates was updated.


Scooped by Gust MEES

Apple ransomware strikes Australia - pay Oleg $100 or else

This morning, a number of Australian iPad and iPhone users woke up to a strange sight.

"Device hacked by Oleg Pliss. For unlock device..."


If you've seen the "Oleg Pliss" message, you can recover without paying the ransom.


Read more in the full article...


Scooped by Gust MEES

Apple fixes hole that leaked employees' and developers' personal info

Apple quietly slipped its Developer Center offline on Sunday night to patch a serious security hole that let anybody access personal contact information for any registered Mac, iOS or Safari develo...






Rescooped by Gust MEES from 21st Century Learning and Teaching

#Update asap! Apple releases iOS 7.1.1

Apple patches a number of bugs in the iOS platform, and takes a second stab at fixing the Touch ID fingerprint recognition "fade" reported by some iPhone 5S users.


Scooped by Gust MEES

Update asap!!! ===> Apple Fixes More Than 25 Flaws in Safari

Apple has fixed more than 25 security flaws in its Safari browser.


That flaw was fixed in iOS and other products earlier this year but Apple just released the fix for Safari on Monday. Along with the 25 memory corruption vulnerabilities the company fixed, it also pushed out a patch for a separate issue in Safari that could enable an attacker to read arbitrary files on a user’s machine.


=========> UPDATE ASAP!!! <========


Scooped by Gust MEES

Apple iOS 7.1 Fixes More Than 20 Code-Execution Flaws

Apple iOS 7.1 fixes more than 20 code execution flaws on the iPhone.


Apple has fixed a slew of vulnerabilities that could lead to code execution on the iPhone, along with a number of other security vulnerabilities in the latest version of its mobile operating system, iOS 7.1. The new release comes just a little more than two weeks after Apple released iOS 7.06 to fix the SSL certificate validation error.


Scooped by Gust MEES

FireEye discovered an Apple vulnerability which allows iOS keylogging

Researchers at FireEye have developed a POC that exploits an Apple vulnerability to implement background monitoring on non-jailbroken iOS 7 devices.
Scooped by Gust MEES

Mac OS X 10.9.2 released. Apple fixes critical SSL security hole

Apple has just issued OS X Mavericks version 10.9.2, fixing the same serious SSL security hole that they patched for iPhone and iPad users at the end of last week.
Scooped by Gust MEES

Apple and the SSL/TLS bug: Open questions

[UPDATE] It says something about Apple's priorities that they fixed the iOS version of a very serious bug but left Mac users conspicuously vulnerable.


The SSL bug Apple patched on iOS on Friday is a shocking and embarrassing one. That it appears to have been in both iOS and OS X for some time and the way Apple is addressing it show both that Apple knows how serious it is and that Mac users play second fiddle in Apple's orchestra. 

Apple has only released a patch for iOS, not OS X.


Make no mistake about it, this is a very serious bug. The bug makes it fairly straightforward to intercept and decrypt SSL/TLS communications, probably the most important security protocol there is today.


Any time you see Apple (or really any major vendor) release an update that fixes a single bug, you can be sure it's a high-priority bug. And there's no reason to believe that it's higher-priority for iOS users than for Mac users.


So why did they not fix OS X at the same time? Because OS X isn't top priority anymore.

Scooped by Gust MEES

Update your iPhones and iPads now to iOS 7.06. But Mac OS X still at risk from critical security hole

Apple has quietly pushed out a security update to iOS, the operating system used by its flagship iPhone and iPad products.

And it's really important for your privacy that you update your iPhones and iPads as quickly as possible.




===> A shame then that Mac OS X doesn't yet have a patch... <===




Scooped by Gust MEES

New to Mac? Four security tips you need to know

“The fundamental difference is that there are a LOT less malware threats and hacking attacks directed at Mac users than there are against Windows users. Both can be attacked (and are), but normally it’s Windows users in the firing line. As I like to put it – I can get killed in Baghdad or Bournemouth.

Neither is 100% safe, but one is definitely less risky than the other. Both OSes require up-to-date anti-virus, security patches, best practices and a good healthy serving of common sense to keep them out of trouble.”

So while Mac OS X enjoys a deservedly good reputation for security, there are steps any user can take to protect themselves – against loss, password theft, and to protect your most important files. Whether your shiny new Mac is for work – or for home – here’s how to get started.

Marc Kneepkens's curator insight, February 21, 1:22 PM

Good to get a more in depth explanation about Macs and security.

Scooped by Gust MEES

Mac OS X Trojan That Steals Bitcoins Spotted in the Wild

Security researchers from SecureMac warn Mac OS X users of a new Trojan that’s designed to steal login credentials for their Bitcoin wallets. Th...
Scooped by Gust MEES

How to Steal an iPhone's Passcode (from up to 150 feet away!)

See that guy on the other side of the room wearing Google Glass?

He could have just stolen your iPhone's passcode.
Scooped by Gust MEES

Apple's iOS 8 will help keep out Wi-Fi marketers and snoops, but not totally

A small change in iOS 8 will make privacy advocates happy, although it's going to be a tough pill to swallow for mobile marketers










Check the video ===> Busting wireless security myths <===


Learn more:


https://gustmees.wordpress.com/2013/05/27/dangers-of-wifi-in-public-places/


Scooped by Gust MEES

"Open the iPhone door, Siri!" - Apple's digital helper coughs up another lock screen hole

A hacker has found a way to bypass the iPhone 5 lock screen to get at your contacts. Ironically, he got in by asking Siri, Apple's voice-activated "helper."


The iPhone's lock screen is the easiest way to protect your phone from prying eyes in the event that it is lost or stolen - but activating Siri from the lock screen is like having no protection at all.

Siri caused other lock screen problems that needed fixing - it seems like déjà vu all over again - where holding down the home button allowed you to just ask nicely for your phone to bypass its own security.

The bug affects devices running iOS 7.1.1 - the latest Apple release.



Here's how to close the hole while...


Scooped by Gust MEES

Does Apple care more about securing Mac users than iPhone users?

In the last couple of days, Apple has issued critical security patches for iOS, Mac OS X, the Apple Airport Base Station, and even the innocuous hockey puck-shaped Apple TV. And I trust, as a regul...


A malicious hacker could have taken one of these patched OS X vulnerabilities, and weaponised it for exploitation in a zero-day attack against iPhone and iPad users.


Every time Apple treats its smartphone and tablet customers as poor relations when it comes to security, they are putting millions of users at risk.


Scooped by Gust MEES

Heartbleed OpenSSL bug: FAQ for Mac, iPhone and iPad users

In the last couple of days you cannot fail to have seen the huge number of media articles about the so-called Heartbleed bug. In this article, we'll try and answer some of the common questions that...


Am I at risk if I use a Mac? What about an iPhone or iPad?

Unfortunately this bug doesn’t care what kind of device you are using to communicate via the Internet. This means that iPhones, iPads and Macs are just as much at risk as, say, a computer running Windows 8.1.

Scooped by Gust MEES

Fake Tor browser for iOS laced with adware, spyware, members warn

Title available since November raises questions about App Store vetting process.


Apple has never described exactly what its process is for ensuring the titles in its App Store are safe.


Although the comparatively fewer reports of rogue apps for iOS suggest that the review process is more stringent than Google's, the report ticket from Tor's high-ranking members suggests that Apple may not be doing everything it can or should do to protect iPhone and iPad users.


Scooped by Gust MEES

Apple and security: 5 deadly development sins

If Apple carries on with its many programming misdeeds, it will soon see a breakdown in its shiny, new security
Scooped by Gust MEES

Apple finally patches critical SSL flaw in OS X

Apple has released an update for OS X that, among other things, patches the infamous "gotofail" bug whose existence was publicly revealed last Friday.

The flaw was initially patched on iOS and Apple TV with updates pushed out on that same day, but OS X users were left to wonder why a fix hasn't been provided for them as well. 


Scooped by Gust MEES

Apple encryption mistake puts many desktop applications at risk

Apple's Mail, FaceTime, Calendar, Safari browser and Software Update could be vulnerable, a researcher said.
Scooped by Gust MEES

Former Apple Security Engineer To Apple: 'Fix Your Sh-t'

If it wasn't yet clear to Apple that its 'gotofail' security flaw has the undivided attention of the information security industry, one of its own recently departed star engineers just spelled out the severity of that bug in highly profane terms. "WHAT THE EVER LOVING F**K, APPLE??!?!!" wrote former Apple security [...]


Paget, a well-regarded researcher who left her position on Apple’s security team for a job at Tesla just earlier this month, wrote perhaps the most scathing critique yet of the company’s security response to its “gotofail” bug, which would allow a wide array of Apple programs’ SSL-encrypted communications to be hijacked, eavesdropped or corrupted. The vulnerability, which earned its nickname due to being caused by a single misplaced “goto” command in Apple’s code, was patched Friday for iOS.


But researchers quickly found that it affected Apple’s desktop OSX software as well, ===> and the company has yet to fix the desktop version of the bug. <===


Scooped by Gust MEES

Apple security update fixes iOS vulnerability

The tech giant fixes a security problem in iOS that affected encrypted connections. Apple on Friday released the latest update of its mobile operating system. It's of note because it fixes an SSL connection issue, an important encryption vulnerability.




SSL, or Secure Sockets Layer, is one of the most basic forms of encrypting Internet traffic. Without it, almost anybody can see what you're doing online. According to Apple's full description of the update, the software previously had problems validating the authenticity of the connection, and the software fix restores steps that were missing in the validation process.


Scooped by Gust MEES

Bitcoin-stealing Mac malware found on popular download websites

MacUpdate and CNet's Download.com help Bitcoin-hungry malware to spread onto Apple Mac computers.

Are you running anti-virus software on your Mac yet?