Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES

76 popular iPhone apps found wide open to data interception attacks | #Apple 


Furthermore, there is no doubt that Apple has done a much better job of keeping its iPhone and iPad customers patched with the latest security operating system updates than many of the Android manufacturers – some of whom have left their users in the lurch with badly out-of-date and at-risk software.

But malware and operating system vulnerabilities aren’t the only considerations.

 

The truth is that the most significant threat is probably not your chances of encountering malware, or whether your OS is properly patched, but rather the third-party apps that you have installed on your device.

After all, you don’t know what your apps are *really* doing, do you, or how well they’re keeping your sensitive information safe and secure?

 

New research has discovered scores of buggy iOS apps that do a lousy job of securing users’ information, and could be making life all too easy for hackers keen to intercept and steal data.

Security researcher Will Strafach says that he was able to identify 76 popular apps in the official App Store that failed to make use of the Transport Layer Security (TLS) protocol, and allowed a malicious attacker to silently perform a man-in-the-middle (MiTM) attack, stealing or manipulating data as it is sent and received from the mobile device.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 


Apple's Messages app isn't as private as you think | #Privacy #Apps #digcit #NobodyIsPerfect #EdTech

Although it has previously claimed otherwise, Apple stores Messages metadata and can be compelled by court orders to hand over such data logs.

 

It turns out that’s not entirely true: The Intercept has secured a document from the Florida Department of Law Enforcement’s Electronic Surveillance Support Team, that details how Messages stores metadata about every phone number you try to contact through the app, and how police can get their hands on that data by filing a request.

 

Here’s how it works: When you enter a number into Messages on your iPhone, the app pings Apple servers to figure out whether it should send your message over SMS or over the company’s encrypted service (if the recipient also uses Messages).

 

Apple records those queries, in addition to the date and time when you entered that number, as well as your IP address – which could be used to determine your approximate location. The company is compelled to hand over these logs when served with court orders in connection with investigations.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Privacy

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/

 


BitTorrent app Transmission once again source of macOS malware | #Apple #CyberSecurity 

Once again, BitTorrent client Transmission has distributed malware to some users through an altered installer, with downloaders of the software on Aug. 28 and 29 probably infected by the "Keydnap" package.

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 


Apple promises iOS fix “soon” for crashes in Safari and other apps

Apple made iOS 9.3 available last week, fixing a number of serious security holes.

But it hasn’t been plain sailing for everyone, with hundreds of Apple users complaining in the Apple Support Communities and on Twitter that links in Safari, Mail, Messages and other apps sometimes cause their iDevices to crash, freeze or hang.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 


Apple users extorted: Mac virus KeRanger attacks OS X | CyberSecurity | CyberCrime | KeRanger

For the first time, a ransomware Trojan is attacking Mac users. The KeRanger ransomware spread via an infected version of the torrent software Transmission.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 


Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App | Apple | CyberSecurity

Sadly it seems clear that ransomware has well and truly arrived for OS X.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

Rescooped by Gust MEES from 21st Century Learning and Teaching

Available On THE AppStore: 'Huge' number of Mac apps are vulnerable to man-in-the-middle attacks | Apple | Nobody Is Perfect | CyberSecurity

Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



Gust MEES's curator insight, February 14, 2016 6:41 PM
Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



Hacker attack on Apple: these apps are affected | MobileSecurity

Apple has announced that its own App Store was successfully attacked by hackers. In the course of the attack, hundreds of apps were infected with malicious code and were subsequently available for download.


Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XcodeGhost+malware+sneaks+into+the+App+Store...



XcodeGhost malware sneaks into the App Store, spooks millions of iOS users

If you're writing software for iOS or OS X, chances are that you will use Apple's Xcode library.

But if you're a programmer with a flakey internet connection, you may decide that you can't be bothered trying to download it from Apple's own servers, but instead download it from elsewhere on the net.

That could turn out to be an unfortunate mistake.

Scores of iOS apps have been uncovered infected with the XcodeGhost malware, all compiled with a poisoned version of Xcode.


Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XcodeGhost+malware+sneaks+into+the+App+Store...



Apple App Security Fails Leave Macs And iPhones Vulnerable To 'Devastating' Attacks | XARA


It’s become almost axiomatic that Apple devices and the apps on them are more secure than the competition. But researchers continue to blow up that notion and today a group of academics have ripped apart the security protections in Mac OS X and iOS to show it’s not only possible to create malware and get it onto the App Store, but it’s also feasible to launch “devastating” attacks using rogue software to steal the most sensitive personal data around, from iCloud passwords and Evernote notes to dodgy selfies and more.

The attacks, known as unauthorized cross-app resource access or XARA, expose design flaws that allow a bad app to access critical pieces of data in other apps. As a result, Apple has struggled to fix the issues, according to a paper released today from Indiana University Bloomington, Peking University and the Georgia Institute of Technology.

En savoir plus / Mehr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


Rescooped by Gust MEES from Luxembourg (Europe)

Zero-day flaws in Mac OS X and iOS ignored by Apple

Academics have found several critical vulnerabilities affecting Mac OS X and iOS that allow sensitive data to be stolen. Apple remains silent on fixes.

A majority of applications vulnerable to Xara

According to the academics, these problems result from a lack of authentication in app-to-app communication and in communication between apps and the OS. To discover these weaknesses, they built a scanner that analyzes the binaries of Mac OS X and iOS applications to find the missing protections. The study covered 1612 Mac applications and 200 iOS applications, with the result that 88.6% of the applications were vulnerable to the Xara threat.

Read more at http://www.silicon.fr/failles-zero-day-mac-os-x-ios-ignorees-apple-119382.html#xGFGmVDsD7JSOYei.99

En savoir plus / Mehr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


Gust MEES's curator insight, June 18, 2015 6:12 AM
Academics have found several critical vulnerabilities affecting Mac OS X and iOS that allow sensitive data to be stolen. Apple remains silent on fixes.

A majority of applications vulnerable to Xara

According to the academics, these problems result from a lack of authentication in app-to-app communication and in communication between apps and the OS. To discover these weaknesses, they built a scanner that analyzes the binaries of Mac OS X and iOS applications to find the missing protections. The study covered 1612 Mac applications and 200 iOS applications, with the result that 88.6% of the applications were vulnerable to the Xara threat.

Read more at http://www.silicon.fr/failles-zero-day-mac-os-x-ios-ignorees-apple-119382.html#xGFGmVDsD7JSOYei.99

En savoir plus / Mehr erfahren / Learn more:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


Thousands of iOS apps left open to snooping thanks to SSL bug | CyberSecurity | Apple


CyberSecurity Researchers have uncovered around 25,000 iOS apps that use old versions of a popular networking library, leaving them open to attackers on the same network viewing encrypted traffic.

The bug affects Secure Sockets Layer (SSL) code in AFNetworking, a networking library developers can use to build components of iOS apps. The framework has been updated three times in the past six weeks, addressing numerous SSL flaws that leave apps vulnerable to man-in-the-middle attacks.

Rescooped by Gust MEES from Apps and Widgets for any use, mostly for education and FREE

Most of the top 100 paid Android and iOS apps have been hacked | CyberSecurity | MobileSecurity | eSkills

97% of the top 100 paid Android apps and 87% of the top 100 paid Apple iOS apps have been hacked, according to Arxan Technologies.


Learn more:


http://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/



Via Gust MEES
Gust MEES's curator insight, November 17, 2014 8:21 AM
97% of the top 100 paid Android apps and 87% of the top 100 paid Apple iOS apps have been hacked, according to Arxan Technologies.


Learn more:


http://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/


Gust MEES's curator insight, November 17, 2014 8:26 AM
97% of the top 100 paid Android apps and 87% of the top 100 paid Apple iOS apps have been hacked, according to Arxan Technologies.


Learn more:


http://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/



Apple logs iMessage metadata for 30 days | #Privacy #digcit #Apps

According to a leaked document, Apple logs metadata about iMessage conversations and can hand it over to the police under a court order. The conversation itself remains encrypted, but Apple stores data about contact attempts on its servers for 30 days. The moment you type a number or a name into the Messages app, the iPhone queries Apple's server to find out whether the contact is linked to iMessage or whether an unencrypted SMS should be sent. This data is then kept for a month, but it does not show whether a conversation actually took place.

The original report appeared yesterday on "The Intercept"; the authors were leaked a large number of documents that apparently once circulated internally within the support team of the electronic surveillance unit of the public prosecutor's office in Florida. Among them was a document titled "iMessage FAQ for Law Enforcement". Up to the last question the document reads like an introduction to using iMessage; only the answer to the last question, "What do I get from Apple if I have a court order for an iMessage account?", gives a detailed list of the metadata. It includes contact details such as the phone number of the other party in iMessage, the date and time at which the iPhone tried to reach the contact via iMessage, and the IP address of the nearest Wi-Fi network through which the connection to the Apple server was made. The Apple spokeswoman confirmed to "The Intercept" that the leaked document describes the actual state of affairs, but according to her Apple stores such logs for only one month, after which they are deleted.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Privacy

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/

 


OS X malware spread via signed Transmission app... again | #Apple #CyberSecurity #Keydnap #Awareness

Researchers caught malware spreading itself around to OS X users through a signed version of the BitTorrent client Transmission.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=BitTorrent

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=keydnap

 


Apple Bans iPhone App That Warned If You Had Been Secretly Hacked

Apple has banned a top-selling iOS app that raised the alarm if it determined your iPhone or iPad had been jailbroken without your knowledge.

The app, "System and Security Info," was only released a week ago and made its way rapidly to the top of the paid-for app charts, outselling the likes of Minecraft and Grand Theft Auto.

I don't think anyone really expected System and Security Info to maintain a lead over such popular, heavyweight video games for long, but I certainly didn't anticipate Apple throwing it out of the iTunes Store quite so quickly either.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 


AceDeceiver: First Trojan for iOS Discovered | #Apple #CyberSecurity #CyberCrime #NobodyIsPerfect

What may be the first Trojan for iOS that can infect iPhones and iPads not weakened by jailbreaks goes by the name AceDeceiver. The security specialists at Palo Alto Networks today published a detailed blog post explaining how it works. Admittedly, there is currently no concrete danger, since Apple was already informed by Palo Alto three weeks ago and has removed the apps that AceDeceiver smuggled into the App Store from its catalogue.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=AceDeceiver

 


KeRanger: First Ransomware Campaign Threatens Mac OS X | Apple | CyberSecurity

For the first time, an extortion Trojan is also encrypting Mac users' data. The malware hides in the BitTorrent client Transmission. Apple and the developers have already responded.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 


First known OS X ransomware spotted in Mac torrenting app | CyberSecurity | Nobody Is Perfect | Apple

Users of BitTorrent client app Transmission became the first reported victims of Mac ransomware this week. People who downloaded infected versions of the app also received "KeRanger" malware, 9to5Mac says, nefarious software that would encrypt a user's hard drive three days after being installed and demand payment to unlock the data.

 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RANSOMWARE

 

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

 

 


Yispecter: Security Firm Warns of New iOS Malware | CyberSecurity | MobileSecurity | Apple

The malware also runs on iPhones and iPads without a jailbreak and gains far-reaching access by using private APIs, a security firm explains. Infection is said to occur via various routes.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



Malware Infects iOS Compiler Xcode

Via an object file in the installer of the iOS app compiler Xcode, Chinese developers were slipped malware that has already made it into the official App Store in at least 39 apps.


Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XcodeGhost+malware+sneaks+into+the+App+Store...



Over 225,000 Apple ID Credentials Stolen From Jailbroken iOS Devices


Cybercriminals have reportedly stolen over 225,000 Apple ID account credentials from jailbroken iOS devices, using a type of malware called “Keyraider”. The criminals have been using the stolen credentials to make in-app purchases with user accounts. Keyraider poses as a downloadable app, but once it’s on the user’s phone, it steals the user’s account login credentials, device GUID (globally unique identifier), Apple push notification service certificates and private keys, and iTunes purchase receipts. These attacks happened mainly in China, but jailbreaking is not exclusive to China. Jailbreaking is practiced by iOS users all over the world.

Jailbreaking your device is a security risk!

This news is a timely reminder about the downside to jailbreaking your Apple iOS device. It sounds like a great idea, in theory, but what many often overlook is that while jailbreaking allows Apple users to bypass many iOS operating system restrictions they might consider burdensome, for example being only able to download apps from the Apple iOS App Store, it also means that cybercriminals have much more freedom to attack the device. 

One of the biggest reasons that jailbreaking puts your phone or tablet at risk is that it disables the “sandboxing” feature native in all Apple devices. Sandboxing keeps third party apps out of your operating system, and only allows those apps certain permissions to your information (which these apps “ask” for through pop-ups to be approved by the device user). Because these apps need your explicit permission to look through your photos, access your location, or look up your contacts, it’s highly unlikely that malicious code can get through to do damage or steal your information. Once you remove the sandbox, any app can access all of your private information, including malicious apps posing as legitimate apps.


iOS/OS X: Apple Called Out Again for (Major) Security Flaws | XARA

Several security flaws have been identified by university researchers, allowing the security of the Keychain application, of program sandboxes, and of the App Store's security measures to be bypassed.

The Xara family

And this type of flaw is found almost everywhere: according to the study's authors, who tested 200 applications chosen at random from the App Store, the great majority of them prove vulnerable to these security flaws. While the Keychain example is the most telling, the researchers note that this type of vulnerability can be used to access many services and applications on iOS and OSX. In total, the researchers estimate that 88.6% of the applications offered on the Apple Store would be vulnerable to this type of attack.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA



Zero-Day Flaws in iOS and OS X: Malicious Apps Can Apparently Read Out Passwords | Apple

According to a study, vulnerabilities in iOS and OS X enable apps to read data from other programs, including passwords from the Mac keychain. Apple reportedly let manipulated apps into the store.


Learn more:


- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA



Where Did VirusBarrier iOS Go? | MobileSecurity | CyberSecurity

Apple has elected to eliminate the category of anti-virus and anti-malware products from their iOS App Store.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Most+vulnerable+operating+systems+and+ap


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


https://gustmees.wordpress.com/2015/03/07/facts-to-convince-someone-for-the-must-of-learning-basics-of-cybersecurity-digital-citizenship/

