Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
10.3K views | +0 today
Follow
Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Opening a PDF on your iPhone could infect it with malware | #Update asap!!!

Opening a PDF on your iPhone could infect it with malware | #Update asap!!! | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Newly-disclosed vulnerability reveals that an attacker could send you a boobytrapped PDF that would cause malicious code to run on your iPhone.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

Newly-disclosed vulnerability reveals that an attacker could send you a boobytrapped PDF that would cause malicious code to run on your iPhone.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

more...
Fernando de la Cruz Naranjo Grisales's curator insight, March 25, 4:36 PM

Newly-disclosed vulnerability reveals that an attacker could send you a boobytrapped PDF that would cause malicious code to run on your iPhone.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

Scooped by Gust MEES
Scoop.it!

Un nouveau malware découvert sur iOS | #AceDeceiver #Apple #CyberSecurity #CyberCrime #iPad #iPhone 

Un nouveau malware découvert sur iOS | #AceDeceiver #Apple #CyberSecurity #CyberCrime #iPad #iPhone  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Décidément les chercheurs du Palo Alto Networks ont fort à faire ces dernières semaines. Après le ransomware KeRanger détecté sur MacOSX, c'est au tour d'iOS d'être touché par un nouveau malware. Toutefois, AceDeceiver fait dans la nouveauté. Au lieu d'essayer de leurrer les systèmes d'Apple, ce dernier a trouvé un moyen de pénétrer iOS sans même avoir besoin d'un quelconque certificat.

Habituellement lorsqu'un utilisateur achète et télécharge des applications depuis iTunes/App Store, la boutique demande obligatoirement un code d'autorisation afin d'approuver et de sécuriser l'installation. 
Dans le cas de cette attaque, les hackers ont exploité une faille pour récupérer le code généré par iTunes. De cette manière, ils peuvent installer n'importe quelle application souhaitée sur appareil. Ils ont par la suite développé un logiciel qui simule le comportement d'un client iTunes cela permet de leurrer le système qui pense que l'application a bien été achetée et qu'elle est sécurisée. L'installation de l'application corrompue ce fait alors sans aucun problème sur votre appareil.

Ce type d'attaque "man in the middle" est très problématique car quand bien même les applications corrompues sont supprimées de l'App Store, la faille reste accessible. 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=AceDeceiver

 

Gust MEES's insight:
Décidément les chercheurs du Palo Alto Networks ont fort à faire ces dernières semaines. Après le ransomware KeRanger détecté sur MacOSX, c'est au tour d'iOS d'être touché par un nouveau malware. Toutefois, AceDeceiver fait dans la nouveauté. Au lieu d'essayer de leurrer les systèmes d'Apple, ce dernier a trouvé un moyen de pénétrer iOS sans même avoir besoin d'un quelconque certificat.

Habituellement lorsqu'un utilisateur achète et télécharge des applications depuis iTunes/App Store, la boutique demande obligatoirement un code d'autorisation afin d'approuver et de sécuriser l'installation. 
Dans le cas de cette attaque, les hackers ont exploité une faille pour récupérer le code généré par iTunes. De cette manière, ils peuvent installer n'importe quelle application souhaitée sur appareil. Ils ont par la suite développé un logiciel qui simule le comportement d'un client iTunes cela permet de leurrer le système qui pense que l'application a bien été achetée et qu'elle est sécurisée. L'installation de l'application corrompue ce fait alors sans aucun problème sur votre appareil.

Ce type d'attaque "man in the middle" est très problématique car quand bien même les applications corrompues sont supprimées de l'App Store, la faille reste accessible. 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=AceDeceiver

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

iOS malware AceDeceiver can infect non-jailbroken Apple devices | #iPad #iPhone

iOS malware AceDeceiver can infect non-jailbroken Apple devices | #iPad #iPhone | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
This new strain of malware designed for the iPhone and iPad poses a major risk to hundreds of millions of devices, because it can infect non-jailbroken devices without the user's knowledge.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=AceDeceiver

 

 

Gust MEES's insight:
This new strain of malware designed for the iPhone and iPad poses a major risk to hundreds of millions of devices, because it can infect non-jailbroken devices without the user's knowledge.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=AceDeceiver

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Here's how easy it is to get past an iPhone's fingerprint sensor | Apple | Nobody Is Perfect

Here's how easy it is to get past an iPhone's fingerprint sensor | Apple | Nobody Is Perfect | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
All you need is a dental mould and some Play-Doh.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
All you need is a dental mould and some Play-Doh.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

more...
Scooped by Gust MEES
Scoop.it!

First known OS X ransomware spotted in Mac torrenting app | CyberSecurity | Nobody Is Perfect | Apple

First known OS X ransomware spotted in Mac torrenting app | CyberSecurity | Nobody Is Perfect | Apple | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Users of BitTorrent client app Transmission became the first reported victims of Mac ransomware this week. People who downloaded infected versions of the app also received "KeRanger" malware, 9to5Mac says, nefarious software that would encrypt a user's hard drive three days after being installed and demand payment to unlock the data.

 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

 

Gust MEES's insight:
Users of BitTorrent client app Transmission became the first reported victims of Mac ransomware this week. People who downloaded infected versions of the app also received "KeRanger" malware, 9to5Mac says, nefarious software that would encrypt a user's hard drive three days after being installed and demand payment to unlock the data.

 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

10 Years of Mac Malware: How OS X Threats Have Evolved [Infographic] | CyberSecurity | Apple 

10 Years of Mac Malware: How OS X Threats Have Evolved [Infographic] | CyberSecurity | Apple  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
This infographic timeline highlights the nastiest, most prevalent Mac OS X security threats to demonstrate just how Mac malware has evolved over the past 10 years.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
This infographic timeline highlights the nastiest, most prevalent Mac OS X security threats to demonstrate just how Mac malware has evolved over the past 10 years.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Discover how many ways there were to hack your Apple TV | IoT | Internet Of Things | CyberSecurity

Discover how many ways there were to hack your Apple TV | IoT | Internet Of Things | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

IoT devices are enlarging our attack surface, we are surrounded by devices that manage a huge quantity of information and that could be abused by hackers.

Apple has patched more than 60 vulnerabilities affecting the Apple TV, including flaws that can lead to arbitrary code execution, information disclosure, crash of the application, modifications to protect parts of the filesystem.

This new release of Apple TV version 7.2.1, comes 10 months after the lasted update issued in April 2015. The new version fixes a number of security vulnerabilities in several components of the Apple TV. The company has patched 33 issued, collectively referenced in 58 CVEs, Apple fixed 19 code execution holes that could be exploited with crafted web content.

The changes will be automatically applied to the users that have enabled the automatic updates.


Learn more / En savoir plus / Mehr erfahren:


https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/


http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine


http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things


http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV


http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things


http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/


http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



Gust MEES's insight:

IoT devices are enlarging our attack surface, we are surrounded by devices that manage a huge quantity of information and that could be abused by hackers.

Apple has patched more than 60 vulnerabilities affecting the Apple TV, including flaws that can lead to arbitrary code execution, information disclosure, crash of the application, modifications to protect parts of the filesystem.

This new release of Apple TV version 7.2.1, comes 10 months after the lasted update issued in April 2015. The new version fixes a number of security vulnerabilities in several components of the Apple TV. The company has patched 33 issued, collectively referenced in 58 CVEs, Apple fixed 19 code execution holes that could be exploited with crafted web content.

The changes will be automatically applied to the users that have enabled the automatic updates.


Learn more / En savoir plus / Mehr erfahren:


https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/


http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine


http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things


http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV


http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things


http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/


http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple releases an official fix for iPhone bricking 'Error 53' issue

Apple releases an official fix for iPhone bricking 'Error 53' issue | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple has released an update for iOS 9.2.1, which will solve the annoying ‘Error 53’ message that was bricking iPhones.

If you’re not familiar, Error 53 happened when devices with new Touch ID sensors from unauthorized Apple repair shops — using components not sourced properly — failed fingerprint scans.

When the new Touch ID hardware was used, it caused iOS to freak out; it could tell the components weren’t original, and thus shut the phone down entirely as a safety precaution.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Error53


Gust MEES's insight:
Apple has released an update for iOS 9.2.1, which will solve the annoying ‘Error 53’ message that was bricking iPhones.

If you’re not familiar, Error 53 happened when devices with new Touch ID sensors from unauthorized Apple repair shops — using components not sourced properly — failed fingerprint scans.

When the new Touch ID hardware was used, it caused iOS to freak out; it could tell the components weren’t original, and thus shut the phone down entirely as a safety precaution.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Error53


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Flaw in Sparkle Updater for Mac opens users of popular apps to system compromise

Flaw in Sparkle Updater for Mac opens users of popular apps to system compromise | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

A security engineer has recently discovered a serious vulnerability in Sparkle, the widely used open source software update framework for Mac applications, that could be exploited by attackers to mount a man-in-the-middle attack and ultimately take control of the computer if they are located on the same network.

Since it inception in 2006, Sparkle slowly became the de-facto standard for OS X application updates. It is used by many, many popular applicationsincluding Evernote, Coda, VLC Media Player, Slack, and TeamViewer (to name a few), but not all these apps are vulnerable to this attack.

That's because the flaw can be exploited only if the app using the vulnerable version of Sparkle also uses HTTP to receive updates.

"The vulnerability is not in code signing itself. It exists due to the functionality provided by the WebKit view that allows JavaScript execution and the ability to modify unencrypted HTTP traffic (XML response)," explained the researcher, who goes by the name of Radek.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



Gust MEES's insight:

A security engineer has recently discovered a serious vulnerability in Sparkle, the widely used open source software update framework for Mac applications, that could be exploited by attackers to mount a man-in-the-middle attack and ultimately take control of the computer if they are located on the same network.

Since it inception in 2006, Sparkle slowly became the de-facto standard for OS X application updates. It is used by many, many popular applicationsincluding Evernote, Coda, VLC Media Player, Slack, and TeamViewer (to name a few), but not all these apps are vulnerable to this attack.

That's because the flaw can be exploited only if the app using the vulnerable version of Sparkle also uses HTTP to receive updates.

"The vulnerability is not in code signing itself. It exists due to the functionality provided by the WebKit view that allows JavaScript execution and the ability to modify unencrypted HTTP traffic (XML response)," explained the researcher, who goes by the name of Radek.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security





more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple's iOS 9.2.1 is here, and it fixes a security hole from 2013 | CyberSecurity

Apple's iOS 9.2.1 is here, and it fixes a security hole from 2013 | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
New iOS 9.2.1 is now available.


Users of iPhones, iPads and iPods probably didn't give much thought to Tuesday's iOS update, which brings the mobile OS to version 9.2.1.

According to Apple, the update contains "security updates and bug fixes," with the company highlighting an issue that can prevent app installation completion when using an MDM server (more data can be found here).


But it's notable that one of those security updates fixes quite a nasty security bug that's been discovered nearly three years ago.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security




Gust MEES's insight:
New iOS 9.2.1 is now available.


Users of iPhones, iPads and iPods probably didn't give much thought to Tuesday's iOS update, which brings the mobile OS to version 9.2.1.

According to Apple, the update contains "security updates and bug fixes," with the company highlighting an issue that can prevent app installation completion when using an MDM server (more data can be found here).


But it's notable that one of those security updates fixes quite a nasty security bug that's been discovered nearly three years ago.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Software with the most vulnerabilities in 2015: Mac OS X, iOS, and Flash | Apple | Nobody Is Perfect

Software with the most vulnerabilities in 2015: Mac OS X, iOS, and Flash | Apple | Nobody Is Perfect | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Which software had the most publicly disclosed vulnerabilities this year? The winner is none other than Apple’s Mac OS X, with 384 vulnerabilities. The runner-up? Apple’s iOS, with 375 vulnerabilities.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


http://www.scoop.it/t/securite-pc-et-internet


Gust MEES's insight:
Which software had the most publicly disclosed vulnerabilities this year? The winner is none other than Apple’s Mac OS X, with 384 vulnerabilities. The runner-up? Apple’s iOS, with 375 vulnerabilities.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


http://www.scoop.it/t/securite-pc-et-internet


more...
Gust MEES's curator insight, January 1, 11:39 AM
Which software had the most publicly disclosed vulnerabilities this year? The winner is none other than Apple’s Mac OS X, with 384 vulnerabilities. The runner-up? Apple’s iOS, with 375 vulnerabilities.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


http://www.scoop.it/t/securite-pc-et-internet


Umberto Orefice's curator insight, January 2, 11:09 AM

Good to know..

Dennis Swender's curator insight, March 13, 10:07 AM
Which software had the most publicly disclosed vulnerabilities this year? The winner is none other than Apple’s Mac OS X, with 384 vulnerabilities. The runner-up? Apple’s iOS, with 375 vulnerabilities.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


http://www.scoop.it/t/securite-pc-et-internet


Scooped by Gust MEES
Scoop.it!

Cybercriminals will target Apple in 2016, say experts - BBC News | CyberSecurity

Cybercriminals will target Apple in 2016, say experts - BBC News | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Cybercriminals are increasingly targeting Apple devices and 2016 will see a rise in attacks on its operating systems, security experts suggest.

According to security firm Symantec, the amount of malware aimed at Apple's mobile operating system (iOS) has more than doubled this year, while threats to Mac computers also rose.

Security firm FireEye also expects 2016 to be a bumper year for Apple malware.

Systems such as Apple Pay could be targeted, it predicts.

Apple is an obvious target for cybercriminals because its products are so popular, said Dick O'Brien, a researcher at Symantec.

While the total number of threats targeting Apple devices remains low compared with Windows and Android, Symantec is seeing the range of threats multiply.

Last year, it was seeing a monthly average of between 10,000 and 70,000 Mac computers infected with malware.

"This is far fewer than Windows desktops and we don't want to scaremonger. Apple remains a relatively safe platform but Apple users can no longer be complacent about security, as the number of infections and new threats rise," said Mr O'Brien.

The number of unique OS X computers infected with malware in the first nine months of 2015 was seven times higher than in all of 2014, its research found.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:

Cybercriminals are increasingly targeting Apple devices and 2016 will see a rise in attacks on its operating systems, security experts suggest.

According to security firm Symantec, the amount of malware aimed at Apple's mobile operating system (iOS) has more than doubled this year, while threats to Mac computers also rose.

Security firm FireEye also expects 2016 to be a bumper year for Apple malware.

Systems such as Apple Pay could be targeted, it predicts.

Apple is an obvious target for cybercriminals because its products are so popular, said Dick O'Brien, a researcher at Symantec.

While the total number of threats targeting Apple devices remains low compared with Windows and Android, Symantec is seeing the range of threats multiply.

Last year, it was seeing a monthly average of between 10,000 and 70,000 Mac computers infected with malware.

"This is far fewer than Windows desktops and we don't want to scaremonger. Apple remains a relatively safe platform but Apple users can no longer be complacent about security, as the number of infections and new threats rise," said Mr O'Brien.

The number of unique OS X computers infected with malware in the first nine months of 2015 was seven times higher than in all of 2014, its research found.



Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Mac OS X malware is heating up | Apple | Nobody Is Perfect | CyberSecurity

Mac OS X malware is heating up | Apple | Nobody Is Perfect | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
A new threat research report conducted by Bit9+ Carbon Black’s research team found that in 2015, there was 948 malware instances. The number of  OS X malware samples this year is five times greater than in 2010-2014 combined — where there was only 180 malware instances over a four-year period. Based on observations in a 10-week analysis: the research team anticipates MAC OS X malware to surge in the coming months.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
A new threat research report conducted by Bit9+ Carbon Black’s research team found that in 2015, there was 948 malware instances. The number of  OS X malware samples this year is five times greater than in 2010-2014 combined — where there was only 180 malware instances over a four-year period. Based on observations in a 10-week analysis: the research team anticipates MAC OS X malware to surge in the coming months.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple iPhone zero-day could let crooks steal photos, videos and more…

Apple iPhone zero-day could let crooks steal photos, videos and more… | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Well known American cryptographer Matthew Green has just announced a zero-day flaw in Apple’s iMessage, and perhaps in other online Apple services.

Green and a team of students from Johns Hopkins University in Baltimore, Maryland, figured out a cryptographic flaw in the way iPhones interact with Apple’s servers.

(To give them their due, the students are named by The Register as: Ian Miers, Christina Garman, Gabriel Kaptchuk, and Michael Rushanan.)

The hole apparently allows a determined attacker to shake loose photos and videos sent via Apple’s iMessage service by figuring out the needed cryptographic secrets bit-by-bit, photo-by-photo.

In other words, this is not a trivial attack; it doesn’t break open any of your Apple accounts to give open access to crooks; and it doesn’t let an attacker download all your digital treasures in one go.

As far as we can see, you get one photo or video each time you mount the attack, about which the abovementioned Ian Miers has tweeted “you have 14 hours to guess what the attack is.”

That tweet was 8 hours ago [as at 2016-03-21T12:30Z], so perhaps he means that Apple’s fix is coming out in six hours’ time, because the team’s paper will intentionally only be published after Apple ships its patch.

Miers also tweeted that “[t]he attack is more interesting than just attachments and affected more than just iMessage. Apple had to fix other apps, but won’t say what.”

Ah, the mystery!

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Well known American cryptographer Matthew Green has just announced a zero-day flaw in Apple’s iMessage, and perhaps in other online Apple services.

Green and a team of students from Johns Hopkins University in Baltimore, Maryland, figured out a cryptographic flaw in the way iPhones interact with Apple’s servers.

(To give them their due, the students are named by The Register as: Ian Miers, Christina Garman, Gabriel Kaptchuk, and Michael Rushanan.)

The hole apparently allows a determined attacker to shake loose photos and videos sent via Apple’s iMessage service by figuring out the needed cryptographic secrets bit-by-bit, photo-by-photo.

In other words, this is not a trivial attack; it doesn’t break open any of your Apple accounts to give open access to crooks; and it doesn’t let an attacker download all your digital treasures in one go.

As far as we can see, you get one photo or video each time you mount the attack, about which the abovementioned Ian Miers has tweeted “you have 14 hours to guess what the attack is.”

That tweet was 8 hours ago [as at 2016-03-21T12:30Z], so perhaps he means that Apple’s fix is coming out in six hours’ time, because the team’s paper will intentionally only be published after Apple ships its patch.

Miers also tweeted that “[t]he attack is more interesting than just attachments and affected more than just iMessage. Apple had to fix other apps, but won’t say what.”

Ah, the mystery!

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
Fernando de la Cruz Naranjo Grisales's curator insight, March 25, 4:36 PM
Well known American cryptographer Matthew Green has just announced a zero-day flaw in Apple’s iMessage, and perhaps in other online Apple services.

Green and a team of students from Johns Hopkins University in Baltimore, Maryland, figured out a cryptographic flaw in the way iPhones interact with Apple’s servers.

(To give them their due, the students are named by The Register as: Ian Miers, Christina Garman, Gabriel Kaptchuk, and Michael Rushanan.)

The hole apparently allows a determined attacker to shake loose photos and videos sent via Apple’s iMessage service by figuring out the needed cryptographic secrets bit-by-bit, photo-by-photo.

In other words, this is not a trivial attack; it doesn’t break open any of your Apple accounts to give open access to crooks; and it doesn’t let an attacker download all your digital treasures in one go.

As far as we can see, you get one photo or video each time you mount the attack, about which the abovementioned Ian Miers has tweeted “you have 14 hours to guess what the attack is.”

That tweet was 8 hours ago [as at 2016-03-21T12:30Z], so perhaps he means that Apple’s fix is coming out in six hours’ time, because the team’s paper will intentionally only be published after Apple ships its patch.

Miers also tweeted that “[t]he attack is more interesting than just attachments and affected more than just iMessage. Apple had to fix other apps, but won’t say what.”

Ah, the mystery!

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Scooped by Gust MEES
Scoop.it!

AceDeceiver: Erster Trojaner für iOS entdeckt | #Apple #CyberSecurity #CyberCrime #NobodyIsPerfect 

AceDeceiver: Erster Trojaner für iOS entdeckt | #Apple #CyberSecurity #CyberCrime #NobodyIsPerfect  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Der womöglich erste Trojaner für iOS, die nicht von Jailbreaks geschwächte iPhones und iPads befallen können, lautet auf den Namen AceDeceiver. Die Sicherheitsspezialisten von Palo Alto Networks haben heute einen ausführlichen Blogbeitrag veröffentlicht, in dem sie die Funktionsweise erklären. Derzeit besteht zwar keine konkrete Gefahr, da Apple bereits vor drei Wochen von Palo Alto informiert wurde und die von AceDeceiver in den App Store geschmuggelten Apps aus dem Angebot entfernt hat.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=AceDeceiver

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Erpressungs-Trojaner KeRanger: Wie Sie Ihren Mac schützen | Apple | Ransomware | CyberSecurity | CyberCrime

Erpressungs-Trojaner KeRanger: Wie Sie Ihren Mac schützen | Apple | Ransomware | CyberSecurity | CyberCrime | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Erstmals zielt funktionstüchtige Ransomware auf OS-X-Nutzer ab. Nach der Infektion bleiben drei Tage, bis "KeRanger" Dokumente verschlüsselt. Nutzer sollten prüfen, ob sie betroffen sind – und Gegenmaßnahmen ergreifen.

Die Mac-Schad-Software "KeRanger" setzte als Infektionsweg – soweit bislang bekannt – auf den BitTorrent-Client Transmission. Die Angreifer hatten offenbar Zugriff auf den Server, über den das OS-X-Programm verteilt wird. Das normale Disk-Image mit Transmission 2.90 sei durch eine manipulierte Version ersetzt worden, die nach Angabe der Entwickler nur rund 6500 Mal heruntergeladen wurde.

Nach der Infektion wartet KeRanger drei Tage ab, bis die Malware anfängt, Nutzerdokumente zu verschlüsseln, als Lösegeld wird vom Nutzer dann ein Bitcoin gefordert, umgerechnet rund 380 Euro. Es ist möglich, dass KeRanger künftig auch auf andere Wege zur Infektion setzt.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

Gust MEES's insight:
Erstmals zielt funktionstüchtige Ransomware auf OS-X-Nutzer ab. Nach der Infektion bleiben drei Tage, bis "KeRanger" Dokumente verschlüsselt. Nutzer sollten prüfen, ob sie betroffen sind – und Gegenmaßnahmen ergreifen.

Die Mac-Schad-Software "KeRanger" setzte als Infektionsweg – soweit bislang bekannt – auf den BitTorrent-Client Transmission. Die Angreifer hatten offenbar Zugriff auf den Server, über den das OS-X-Programm verteilt wird. Das normale Disk-Image mit Transmission 2.90 sei durch eine manipulierte Version ersetzt worden, die nach Angabe der Entwickler nur rund 6500 Mal heruntergeladen wurde.

Nach der Infektion wartet KeRanger drei Tage ab, bis die Malware anfängt, Nutzerdokumente zu verschlüsseln, als Lösegeld wird vom Nutzer dann ein Bitcoin gefordert, umgerechnet rund 380 Euro. Es ist möglich, dass KeRanger künftig auch auf andere Wege zur Infektion setzt.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

KeRanger: Erste Ransomware-Kampagne bedroht Mac OS X | Apple | CyberSecurity

KeRanger: Erste Ransomware-Kampagne bedroht Mac OS X | Apple | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Ein Erpressungs-Trojaner verschlüsselt erstmals auch Daten von Mac-Nutzern. Der Schädling versteckt sich im BitTorrent-Client Transmission. Apple und die Entwickler haben bereits reagiert.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

Gust MEES's insight:
Ein Erpressungs-Trojaner verschlüsselt erstmals auch Daten von Mac-Nutzern. Der Schädling versteckt sich im BitTorrent-Client Transmission. Apple und die Entwickler haben bereits reagiert.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

All your Mac's old install CDs won't work anymore | Nobody Is Perfect | Apple | EdTech 

All your Mac's old install CDs won't work anymore | Nobody Is Perfect | Apple | EdTech  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
When Apple’s Worldwide Developer Certificate expired in February it caused problems for some developers, but another major problem that’s going to affect more people has just surfaced: it breaks OS X installers.

If you’ve created an OS X installation CD or downloaded an installer it won’t work anymore because it can’t be verified with Apple. To get it going again, you need to re-download the entire installer and create a new CD, which is an utter hassle.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

Gust MEES's insight:
When Apple’s Worldwide Developer Certificate expired in February it caused problems for some developers, but another major problem that’s going to affect more people has just surfaced: it breaks OS X installers.

If you’ve created an OS X installation CD or downloaded an installer it won’t work anymore because it can’t be verified with Apple. To get it going again, you need to re-download the entire installer and create a new CD, which is an utter hassle.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

more...
No comment yet.
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Mac-Trojaner löst Spekulationen über Hacking-Team-Rückkehr aus | Apple | CyberSecurity

Mac-Trojaner löst Spekulationen über Hacking-Team-Rückkehr aus | Apple | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Auf Virus Total ist ein Trojaner für OS X aufgetaucht, der allem Anschein nach zu einem Spionage-Tool der Firma Hacking Team gehört. Sind die Italiener zurück und hacken wieder?

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Auf Virus Total ist ein Trojaner für OS X aufgetaucht, der allem Anschein nach zu einem Spionage-Tool der Firma Hacking Team gehört. Sind die Italiener zurück und hacken wieder?

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
Gust MEES's curator insight, March 1, 12:13 PM
Auf Virus Total ist ein Trojaner für OS X aufgetaucht, der allem Anschein nach zu einem Spionage-Tool der Firma Hacking Team gehört. Sind die Italiener zurück und hacken wieder?

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Scooped by Gust MEES
Scoop.it!

OceanLotus OS X Malware Disguises Itself as Adobe Flash Update | CyberSecurity | Apple | Mac

OceanLotus OS X Malware Disguises Itself as Adobe Flash Update | CyberSecurity | Apple | Mac | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Is your Mac protected against the OS X version of OceanLotus, a sophisticated trojan horse that has been used to spy against businesses and government agencies?


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
Is your Mac protected against the OS X version of OceanLotus, a sophisticated trojan horse that has been used to spy against businesses and government agencies?


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Available On THE AppStore: 'Huge' number of Mac apps are vulnerable to man-in-the-middle attacks | Apple | Nobody Is Perfect | CyberSecurity

Available On THE AppStore: 'Huge' number of Mac apps are vulnerable to man-in-the-middle attacks | Apple | Nobody Is Perfect | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



Gust MEES's insight:
Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
Gust MEES's curator insight, February 14, 6:41 PM
Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Scooped by Gust MEES
Scoop.it!

Fake Flash Player Update Infects Mac with Scareware

Fake Flash Player Update Infects Mac with Scareware | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Anyone who has been using computers for any length of time should (hopefully) be aware of the endless ritual of updating Adobe Flash against security vulnerabilities. Even if you don't run Flash on your computer, you've surely seen the many headlines in the tech media over the years of the importance of keeping Adobe Flash (and its Acrobat PDF Reader stablemate) updated to protect against malicious attack.

So, what better way to trick someone into having their computer infected than by disguising it as an actual Adobe Flash update?

That's precisely what criminals are doing now, in their attempts to infect Apple Mac users with scareware.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:

Anyone who has been using computers for any length of time should (hopefully) be aware of the endless ritual of updating Adobe Flash against security vulnerabilities. Even if you don't run Flash on your computer, you've surely seen the many headlines in the tech media over the years of the importance of keeping Adobe Flash (and its Acrobat PDF Reader stablemate) updated to protect against malicious attack.

So, what better way to trick someone into having their computer infected than by disguising it as an actual Adobe Flash update?

That's precisely what criminals are doing now, in their attempts to infect Apple Mac users with scareware.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security




more...
No comment yet.
Rescooped by Gust MEES from ICT Security-Sécurité PC et Internet
Scoop.it!

Apple updates OS X, iOS 9 with security fixes | ZDNet

Apple updates OS X, iOS 9 with security fixes | ZDNet | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
The company releases iOS 9.2.1 and OS X 10.11.3 with mostly security fixes.


Nine fixes were posted for the Mac platform, including a fix for a flaw that could've allowed an attacker to execute code with kernel privileges. The patch also comes with fix for an issue that prevents some Macs from waking from sleep when connected to some 4K-resolution displays.

Another batch of nine fixes were also posted for the iOS platform, including a WebSheet flaw that could've allowed a malicious captive portal from accessing user cookies.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
The company releases iOS 9.2.1 and OS X 10.11.3 with mostly security fixes.


Nine fixes were posted for the Mac platform, including a fix for a flaw that could've allowed an attacker to execute code with kernel privileges. The patch also comes with fix for an issue that prevents some Macs from waking from sleep when connected to some 4K-resolution displays.

Another batch of nine fixes were also posted for the iOS platform, including a WebSheet flaw that could've allowed a malicious captive portal from accessing user cookies.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
Gust MEES's curator insight, January 20, 6:39 AM
The company releases iOS 9.2.1 and OS X 10.11.3 with mostly security fixes.


Nine fixes were posted for the Mac platform, including a fix for a flaw that could've allowed an attacker to execute code with kernel privileges. The patch also comes with fix for an issue that prevents some Macs from waking from sleep when connected to some 4K-resolution displays.

Another batch of nine fixes were also posted for the iOS platform, including a WebSheet flaw that could've allowed a malicious captive portal from accessing user cookies.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Scooped by Gust MEES
Scoop.it!

MacKeeper carelessly leaves 13 million Mac users exposed | Apple | Nobody Is Perfect

MacKeeper carelessly leaves 13 million Mac users exposed | Apple | Nobody Is Perfect | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Researcher Chris Vickery stumbled across over 13 million sensitive account details related to MacKeeper, after using the Shodan search engine to hunt for database servers left open to the internet, that required no authentication.

Sure enough, Vickery's search found four different IP addresses of servers belonging to Kromtech.

And on those servers, Vickery found over 20GB of MacKeeper user data - including names, email addresses, phone numbers, IP addresses, software licenses, system information and users' hashed passwords.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
Researcher Chris Vickery stumbled across over 13 million sensitive account details related to MacKeeper, after using the Shodan search engine to hunt for database servers left open to the internet, that required no authentication.

Sure enough, Vickery's search found four different IP addresses of servers belonging to Kromtech.

And on those servers, Vickery found over 20GB of MacKeeper user data - including names, email addresses, phone numbers, IP addresses, software licenses, system information and users' hashed passwords.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple security updates a sign of things to come | CyberSecurity

Apple security updates a sign of things to come | CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
While Patch Tuesday is a well-known event for Microsoft and Adobe users, Apple product owners this week received a dose of reality when they found themselves on the receiving end of several security updates.

Apple released multiple updates that touch most of its product portfolio and Apple fans can look forward to more of the same as the company's devices are targeted by cybercriminals, according to Symantec blogger and senior information developer Dick O'Brien. While the number of threats is miniscule compared to what Microsoft, Google and Adobe users face, they are increasing.


Learn more / Mehr erfahren / En savoir plus :


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Patch+Tuesday+made+in+Apple


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
While Patch Tuesday is a well-known event for Microsoft and Adobe users, Apple product owners this week received a dose of reality when they found themselves on the receiving end of several security updates.

Apple released multiple updates that touch most of its product portfolio and Apple fans can look forward to more of the same as the company's devices are targeted by cybercriminals, according to Symantec blogger and senior information developer Dick O'Brien. While the number of threats is miniscule compared to what Microsoft, Google and Adobe users face, they are increasing.


Learn more / Mehr erfahren / En savoir plus :


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Patch+Tuesday+made+in+Apple


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.