Apple, Mac, iOS4,...
Follow
Find tag "English"
9.2K views | +0 today
Apple, Mac, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Are you ready for ads to know your bank account balance? | Digital Privacy

Are you ready for ads to know your bank account balance? | Digital Privacy | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

Well, knowing your name and how long you’ve been a card member seems only mildly invasive compared to what Apple may be up to.

As you know, Apple’s Tim Cook has been vigorous in defending users’ right to privacy. As the world’s biggest luxury brand, Apple has an advantage over companies like Google that rely on turning their customers into products. However, with the companies’ forays into new advertising-based ventures like streaming music, that ethic may be harder to enforce. And a new patent application aligned with the Apple Pay product suggests a dramatic new leap into users personal space.


Learn more:




Gust MEES's insight:

Well, knowing your name and how long you’ve been a card member seems only mildly invasive compared to what Apple may be up to.

As you know, Apple’s Tim Cook has been vigorous in defending users’ right to privacy. As the world’s biggest luxury brand, Apple has an advantage over companies like Google that rely on turning their customers into products. However, with the companies’ forays into new advertising-based ventures like streaming music, that ethic may be harder to enforce. And a new patent application aligned with the Apple Pay product suggests a dramatic new leap into users personal space.


Learn more:





more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple App Security Fails Leave Macs And iPhones Vulnerable To 'Devastating' Attacks | XARA

Apple App Security Fails Leave Macs And iPhones Vulnerable To 'Devastating' Attacks | XARA | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

It’s become almost axiomatic that Apple devices and the apps on them are more secure than the competition. But researchers continue to blow up that notion and today a group of academics have ripped apart the securityprotections in Mac OS X and iOS to show it’s not only possible to create malware and get it onto the App Store, but it’s also feasible to launch “devastating” attacks using rogue software to steal the most sensitive personal data around, from iCloud passwords and Evernote notes to dodgy selfies and more.


The attacks, known as unauthorized cross-app resource access or XARA, expose design flaws that allow a bad app to access critical pieces of data in other apps. As a result, Apple has struggled to fix the issues, according to apaper released today from Indiana University Bloomington, Peking University and the Georgia Institute of Technology.


En savoir plus / Merhr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


Gust MEES's insight:

It’s become almost axiomatic that Apple devices and the apps on them are more secure than the competition. But researchers continue to blow up that notion and today a group of academics have ripped apart the securityprotections in Mac OS X and iOS to show it’s not only possible to create malware and get it onto the App Store, but it’s also feasible to launch “devastating” attacks using rogue software to steal the most sensitive personal data around, from iCloud passwords and Evernote notes to dodgy selfies and more.


The attacks, known as unauthorized cross-app resource access or XARA, expose design flaws that allow a bad app to access critical pieces of data in other apps. As a result, Apple has struggled to fix the issues, according to apaper released today from Indiana University Bloomington, Peking University and the Georgia Institute of Technology.


En savoir plus / Merhr erfahren / Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=XARA


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Firmware Bug in OSX Could Allow Installation of Low-Level Rootkits | Mac | Apple | EFI | CyberSecurity

Firmware Bug in OSX Could Allow Installation of Low-Level Rootkits | Mac | Apple | EFI | CyberSecurity | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
There is a vulnerability buried deep in the firmware of many Apple laptops that could allow an attacker to overwrite the machine’s BIOS and install a rootkit, gaining complete control of the Mac.

The vulnerability lies in the UEFI system on some older MacBooks, and researcher Pedro Vilaca discovered that after a MacBook is put to sleep and then brought back up, the machine’s low-level firmware is left unlocked.


Mehr erfahren/Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=EFI


Gust MEES's insight:
There is a vulnerability buried deep in the firmware of many Apple laptops that could allow an attacker to overwrite the machine’s BIOS and install a rootkit, gaining complete control of the Mac.

The vulnerability lies in the UEFI system on some older MacBooks, and researcher Pedro Vilaca discovered that after a MacBook is put to sleep and then brought back up, the machine’s low-level firmware is left unlocked.


Mehr erfahren/Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=EFI


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Vulnerability in Safari Allows Attackers to Spoof Websites | CyberSecurity | eSkills | Digital CitiZENship

Vulnerability in Safari Allows Attackers to Spoof Websites | CyberSecurity | eSkills | Digital CitiZENship | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
A security firm has discovered a vulnerability in Apple’s Safari Browser that allows attackers to spoof legitimate websites and phish for user credentials.


Users are encouraged to watch out for spoofing attacks that redirect them to phishing schemes. To learn more about how to spot a phish, please click here.


Gust MEES's insight:
A security firm has discovered a vulnerability in Apple’s Safari Browser that allows attackers to spoof legitimate websites and phish for user credentials.


Users are encouraged to watch out for spoofing attacks that redirect them to phishing schemes. To learn more about how to spot a phish, please click here.


more...
No comment yet.
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

How to crash any iPhone or iPad within WiFi range | Apple | Nobody Is Perfect | NO iOS Zone

How to crash any iPhone or iPad within WiFi range | Apple | Nobody Is Perfect | NO iOS Zone | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

"No iOS Zone" denial-of-service vulnerability could lead to your iPhone or iPad constantly crashing.


The researchers say that they first informed Apple of the problem in early October 2014, and that iOS 8.3 appears to resolve some of the issues they uncovered.


Chances are that this won’t be the last time that a serious denial of service flaw is found in iOS. Just last month, Apple released iOS 8.2 which fixed a flaw that allowed hackers to restart iPhones by sending them a maliciously-crafted Flash SMS.


More details of the “No iOS Zone” flaw can be found in the slide deck of the presentation given at the RSA conference.


Gust MEES's insight:

No iOS Zone" denial-of-service vulnerability could lead to your iPhone or iPad constantly crashing.


The researchers say that they first informed Apple of the problem in early October 2014, and that iOS 8.3 appears to resolve some of the issues they uncovered.


Chances are that this won’t be the last time that a serious denial of service flaw is found in iOS. Just last month, Apple released iOS 8.2 which fixed a flaw that allowed hackers to restart iPhones by sending them a maliciously-crafted Flash SMS.


More details of the “No iOS Zone” flaw can be found in the slide deck of the presentation given at the RSA conference.


more...
Gust MEES's curator insight, April 27, 12:51 PM

No iOS Zone" denial-of-service vulnerability could lead to your iPhone or iPad constantly crashing.


The researchers say that they first informed Apple of the problem in early October 2014, and that iOS 8.3 appears to resolve some of the issues they uncovered.


Chances are that this won’t be the last time that a serious denial of service flaw is found in iOS. Just last month, Apple released iOS 8.2 which fixed a flaw that allowed hackers to restart iPhones by sending them a maliciously-crafted Flash SMS.


More details of the “No iOS Zone” flaw can be found in the slide deck of the presentation given at the RSA conference.


Scooped by Gust MEES
Scoop.it!

Apple security features can be easily bypassed, says researcher | Nobody Is Perfect

Apple security features can be easily bypassed, says researcher | Nobody Is Perfect | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

Security tools baked into Macs designed to protect users from malicious content can be easily bypassed, according to one security researcher.

In a talk at the RSA Conference in San Francisco on Thursday, Synack director of research Patrick Wardle described how two OS X security tools can be bypassed to run malware.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Mac+OS+X+est+lui+aussi+un+paradis+pour


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:

Security tools baked into Macs designed to protect users from malicious content can be easily bypassed, according to one security researcher.

In a talk at the RSA Conference in San Francisco on Thursday, Synack director of research Patrick Wardle described how two OS X security tools can be bypassed to run malware.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Mac+OS+X+est+lui+aussi+un+paradis+pour


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Every Mac is still at risk from this "backdoor" bug | Apple failed to fix "rootpipe" backdoor flaw

Every Mac is still at risk from this "backdoor" bug | Apple failed to fix "rootpipe" backdoor flaw | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
The bug should've been squashed in the latest update of OS X 10.10.3, but researchers say it persists. Every Mac is at risk from this "backdoor" bug.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RootPipe


Gust MEES's insight:

The bug should've been squashed in the latest update of OS X 10.10.3, but researchers say it persists. Every Mac is at risk from this "backdoor" bug.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=RootPipe



more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

​Apple bought UK analytics firm Acunu before FoundationDB | ZDNet

​Apple bought UK analytics firm Acunu before FoundationDB | ZDNet | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple acquired a UK Cassandra-based analytics firm before Foundation DB, around the time it was buying tech to improve Siri.



Learn more:


http://www.scoop.it/t/social-media-and-its-influence/?tag=acquisitions


Gust MEES's insight:
Apple acquired a UK Cassandra-based analytics firm before Foundation DB, around the time it was buying tech to improve Siri.



Learn more:


http://www.scoop.it/t/social-media-and-its-influence/?tag=acquisitions


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Where Did VirusBarrier iOS Go? | MobileSecurity | CyberSecurity

Where Did VirusBarrier iOS Go? | MobileSecurity | CyberSecurity | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple has elected to eliminate the category of anti-virus and anti-malware products from their iOS App Store.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Most+vulnerable+operating+systems+and+ap


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


https://gustmees.wordpress.com/2015/03/07/facts-to-convince-someone-for-the-must-of-learning-basics-of-cybersecurity-digital-citizenship/


Gust MEES's insight:
Apple has elected to eliminate the category of anti-virus and anti-malware products from their iOS App Store.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Most+vulnerable+operating+systems+and+ap


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


https://gustmees.wordpress.com/2015/03/07/facts-to-convince-someone-for-the-must-of-learning-basics-of-cybersecurity-digital-citizenship/


more...
No comment yet.
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Most vulnerable operating systems and applications in 2014 | Apple on the TOP

Most vulnerable operating systems and applications in 2014 | Apple on the TOP | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

An average of 19 vulnerabilities per day were reported in 2014, according to the data from the National Vulnerability Database (NVD). In this article, I look at some of the trends and key findings for 2014 based on the NVD’s database.

.

#Mac OS X and #Linux had more #vulnerabilities in 2014 than ALL #Windows Versions in sum.

.


Not surprisingly at all, web browsers continue to have the most security vulnerabilities because they are a popular gateway to access a server and to spread malware on the clients. Adobe free products and Java are the main challengers but web browsers have continuously topped the table for the last six years. Mozilla Firefox had the most vulnerabilities reported in 2009 and 2012; Google Chrome in 2010 and 2011; Internet Explorer was at the top for the last two years.

To keep systems secure, it is critical that they are fully patched. IT admins should focus on (patch them first):

  • Operating systems (Windows, Linux, OS X)
  • Web browsers
  • Java
  • Adobe free products (Flash Player, Reader, Shockwave Player, AIR).
.
Learn more:



Gust MEES's insight:

An average of 19 vulnerabilities per day were reported in 2014, according to the data from the National Vulnerability Database (NVD). In this article, I look at some of the trends and key findings for 2014 based on the NVD’s database.

.


#Mac OS X and #Linux had more #vulnerabilities in 2014 than ALL #Windows Versions in sum.

.


Not surprisingly at all, web browsers continue to have the most security vulnerabilities because they are a popular gateway to access a server and to spread malware on the clients. Adobe free products and Java are the main challengers but web browsers have continuously topped the table for the last six years. Mozilla Firefox had the most vulnerabilities reported in 2009 and 2012; Google Chrome in 2010 and 2011; Internet Explorer was at the top for the last two years.



To keep systems secure, it is critical that they are fully patched. IT admins should focus on (patch them first):


  • Operating systems (Windows, Linux, OS X)
  • Web browsers
  • Java
  • Adobe free products (Flash Player, Reader, Shockwave Player, AIR).
.
Learn more:


more...
Gust MEES's curator insight, February 22, 6:51 PM

An average of 19 vulnerabilities per day were reported in 2014, according to the data from the National Vulnerability Database (NVD). In this article, I look at some of the trends and key findings for 2014 based on the NVD’s database.

.


#Mac OS X and #Linux had more #vulnerabilities in 2014 than ALL #Windows Versions in sum.

.


Not surprisingly at all, web browsers continue to have the most security vulnerabilities because they are a popular gateway to access a server and to spread malware on the clients. Adobe free products and Java are the main challengers but web browsers have continuously topped the table for the last six years. Mozilla Firefox had the most vulnerabilities reported in 2009 and 2012; Google Chrome in 2010 and 2011; Internet Explorer was at the top for the last two years.



To keep systems secure, it is critical that they are fully patched.IT admins should focus on (patch them first):


  • Operating systems (Windows, Linux, OS X)
  • Web browsers
  • Java
  • Adobe free products (Flash Player, Reader, Shockwave Player, AIR).
.
Scooped by Gust MEES
Scoop.it!

OpinionSpy Rears its Ugly Head on Macs Once Again | CyberSecurity

OpinionSpy Rears its Ugly Head on Macs Once Again | CyberSecurity | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Almost five years ago, Intego security researchers warned about the OSX/OpinionSpy spyware infecting Mac computers, downloaded during the installation of innocent-sounding applications and screensavers distributed via well-known sites such as MacUpdate and VersionTracker.

Once compromised, infected Macs could leak data and open a backdoor for further abuse.

Now, sadly, a variant of OpinionSpy seems to be making something of a comeback.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
Almost five years ago, Intego security researchers warned about the OSX/OpinionSpy spyware infecting Mac computers, downloaded during the installation of innocent-sounding applications and screensavers distributed via well-known sites such as MacUpdate and VersionTracker.

Once compromised, infected Macs could leak data and open a backdoor for further abuse.

Now, sadly, a variant of OpinionSpy seems to be making something of a comeback.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Kaspersky Lab Survey Finds Mac and PC Users Encounter Similar Cyberthreat Risks | CyberSecurity

Kaspersky Lab Survey Finds Mac and PC Users Encounter Similar Cyberthreat Risks | CyberSecurity | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Woburn, MA – February 10, 2015 - According to the Consumer Security Risk Survey conducted by Kaspersky Lab and B2B International, Apple users responded to have encountered cyber threats almost as often as the users of other platforms. The survey showed that 24 percent of Apple desktop users and 10 percent of Apple laptop users encountered malware during the year*, whereas the number of affected PC owners is slightly higher at 32 percent.  

Although security experts have not, thus far, found as much harmful software for OS X as they have for other platforms like Windows, malware does still aim to attack Mac devices. Malware such as ransomware was reportedly faced by 13 percent of Mac users compared to 9 percent of Windows users. There is a similar situation with threats targeting financial data: these incidents were reported by 51 percent of OS X users and 43 percent of Windows users.

In addition the survey results showcased that Mac users are generally less aware of Internet threats than Windows users. For example, 39 percent of MacBook owners have never or hardly heard of ransomware, and 30 percent do not know about dangerous malicious programs that can exploit vulnerabilities in software. By comparison, among all respondents 33 percent know almost nothing about ransomware and 28 percent are unaware of exploits.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
Woburn, MA – February 10, 2015 - According to the Consumer Security Risk Survey conducted by Kaspersky Lab and B2B International, Apple users responded to have encountered cyber threats almost as often as the users of other platforms. The survey showed that 24 percent of Apple desktop users and 10 percent of Apple laptop users encountered malware during the year*, whereas the number of affected PC owners is slightly higher at 32 percent.  

Although security experts have not, thus far, found as much harmful software for OS X as they have for other platforms like Windows, malware does still aim to attack Mac devices. Malware such as ransomware was reportedly faced by 13 percent of Mac users compared to 9 percent of Windows users. There is a similar situation with threats targeting financial data: these incidents were reported by 51 percent of OS X users and 43 percent of Windows users.

In addition the survey results showcased that Mac users are generally less aware of Internet threats than Windows users. For example, 39 percent of MacBook owners have never or hardly heard of ransomware, and 30 percent do not know about dangerous malicious programs that can exploit vulnerabilities in software. By comparison, among all respondents 33 percent know almost nothing about ransomware and 28 percent are unaware of exploits.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

ALERT!!! #Adobe patches latest #Flash Player zero-day ===> #Update asap!!! | CyberSecurity

ALERT!!! #Adobe patches latest #Flash Player zero-day ===> #Update asap!!! | CyberSecurity | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Adobe has released Flash Player 16.0.0.305, a new version that fixes the latest zero-day flaw (CVE-2015-0313) that is currently exploited in...
Gust MEES's insight:

Adobe has released Flash Player 16.0.0.305, a new version that fixes the latest zero-day flaw (CVE-2015-0313) that is currently exploited in...


more...
Gust MEES's curator insight, February 5, 5:40 PM

Adobe has released Flash Player 16.0.0.305, a new version that fixes the latest zero-day flaw (CVE-2015-0313) that is currently exploited in...


Scooped by Gust MEES
Scoop.it!

Security hole in MacKeeper used to shove malware onto Macs

Security hole in MacKeeper used to shove malware onto Macs | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

Researchers at BAE just reported on a Mac bot known as OSX/Agent-ANTU that was allegedly distributed in a novel way.

The crooks used a security hole in a controversial Mac security and cleanup utility called MacKeeper.

MacKeeper quickly patched the hole after it became known, but until you received the update you were at risk of a Remote Code Execution (RCE) hole.

As long as you were unpatched, a crook could simply entice or redirect you to a poisoned website, and use a single line of JavaScript to send a command script to MacKeeper, which would then run it.

Unfortunately, according to BAE, some crooks struck while the iron was hot.

The crooks sent unpatched MacKeeper users to a web page that tricked their Macs into downloading the OSX/Agent-ANTU malware.


Here are some examples we've seen over the years where the Windows malware "playbook" has been followed, in some cases extremely effectively, on OS X:


2012: Java-based exploit. The Flashback malware was injected onto your Mac via an unpatched Java bug. Flashback was a bot, or zombie, meaning that crooks could remotely send it instructions to help them commit further cybercrime. Estimates suggest that more than 600,000 Macs ended up infected, supposedly including "274 from Cupertino."


2013: Word-based exploit. SophosLabs reported on attackers using an exploitable bug in Microsoft Word for Mac to target Chinese minority groups. If you opened a booby-trapped document, disguised as some sort of political commentary, the crooks got control of your Mac via zombie malware called OSX/Agent-AADL.


2014: Fake "undelivered item" documents. If you opened the bogus PDF file, really an application in disguise, you could end up infected with a data-stealing Trojan called OSX/LaoShu-A. Amongst other things, this one would find files such as documents, spreadsheets, presentations and archives...and send them to the crooks.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security




Gust MEES's insight:

Researchers at BAE just reported on a Mac bot known as OSX/Agent-ANTU that was allegedly distributed in a novel way.

The crooks used a security hole in a controversial Mac security and cleanup utility called MacKeeper.

MacKeeper quickly patched the hole after it became known, but until you received the update you were at risk of a Remote Code Execution (RCE) hole.

As long as you were unpatched, a crook could simply entice or redirect you to a poisoned website, and use a single line of JavaScript to send a command script to MacKeeper, which would then run it.

Unfortunately, according to BAE, some crooks struck while the iron was hot.

The crooks sent unpatched MacKeeper users to a web page that tricked their Macs into downloading the OSX/Agent-ANTU malware.


Here are some examples we've seen over the years where the Windows malware "playbook" has been followed, in some cases extremely effectively, on OS X:


2012: Java-based exploit. The Flashback malware was injected onto your Mac via an unpatched Java bug. Flashback was a bot, or zombie, meaning that crooks could remotely send it instructions to help them commit further cybercrime. Estimates suggest that more than 600,000 Macs ended up infected, supposedly including "274 from Cupertino."


2013: Word-based exploit. SophosLabs reported on attackers using an exploitable bug in Microsoft Word for Mac to target Chinese minority groups. If you opened a booby-trapped document, disguised as some sort of political commentary, the crooks got control of your Mac via zombie malware called OSX/Agent-AADL.


2014: Fake "undelivered item" documents. If you opened the bogus PDF file, really an application in disguise, you could end up infected with a data-stealing Trojan called OSX/LaoShu-A. Amongst other things, this one would find files such as documents, spreadsheets, presentations and archives...and send them to the crooks.


So, if you haven't yet crossed the bridge and become a Mac anti-virus user, now would be a good time to give it a go.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security



more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple: Serious Zero-Day Security Flaw in iOS and OS X Could Lead to Password Theft

Apple: Serious Zero-Day Security Flaw in iOS and OS X Could Lead to Password Theft | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

 
"Note that all the attack apps were successfully released by the Apple Stores. So, the security threats are indeed realistic."
So, it's a serious problem. And, as yet, not fixed.

The university researchers say that they first reported the vulnerability to Apple on October 15 2014, and contacted them again in November 2014 and early this year. They claimed that Apple told them that because of the complex nature of the security issue, six months' grace would be required to develop a solution.

Unfortunately, that fix has still not emerged and the researchers have chosen to go public with their findings.

For now, until a proper solution is discovered, the most secure approach might be to exercise caution about what apps you download onto your Macs and iOS devices, even if they are listed in the official iOS and Mac App Store — stick with apps from known developers.


Learn more:


.
Gust MEES's insight:

Note that all the attack apps were successfully released by the Apple Stores. So, the security threats are indeed realistic."
So, it's a serious problem. And, as yet, not fixed.

The university researchers say that they first reported the vulnerability to Apple on October 15 2014, and contacted them again in November 2014 and early this year. They claimed that Apple told them that because of the complex nature of the security issue, six months' grace would be required to develop a solution.

Unfortunately, that fix has still not emerged and the researchers have chosen to go public with their findings.

For now, until a proper solution is discovered, the most secure approach might be to exercise caution about what apps you download onto your Macs and iOS devices, even if they are listed in the official iOS and Mac App Store — stick with apps from known developers.


Learn more:


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Mac bug makes rootkit injection as easy as falling asleep

Mac bug makes rootkit injection as easy as falling asleep | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access.

“The bug can be used with a Safari or other remote vector to install an EFI rootkit without physical access [provided] a suspended happens in the current session … you could probably force the suspend and trigger this, all remotely. That’s pretty epic ownage.”

Apple has been contacted for comment.

Flash locks are removed when machines enter a sleep state for about 30 seconds or more, allowing attackers to update the flashrom contents from userland including EFI binaries.

Affected models include the MacBook Pro Retina, and Pro, and MacBook Airs, each running the latest EFI firmware updates.

Some of the latest machines are not affected leading Vilaça to think Apple is aware of the vulnerability.

“If they (Apple) indeed knew about the bug – because I don’t believe it’s a coincidence not working in latest machines – then they keep their pattern of not patching older versions,” he says.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:

“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access.

“The bug can be used with a Safari or other remote vector to install an EFI rootkit without physical access [provided] a suspended happens in the current session … you could probably force the suspend and trigger this, all remotely. That’s pretty epic ownage.”

Apple has been contacted for comment.

Flash locks are removed when machines enter a sleep state for about 30 seconds or more, allowing attackers to update the flashrom contents from userland including EFI binaries.

Affected models include the MacBook Pro Retina, and Pro, and MacBook Airs, each running the latest EFI firmware updates.

Some of the latest machines are not affected leading Vilaça to think Apple is aware of the vulnerability.

“If they (Apple) indeed knew about the bug – because I don’t believe it’s a coincidence not working in latest machines – then they keep their pattern of not patching older versions,” he says.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=EFI



more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple updates Safari on OS X, fixes critical flaws | UPDATE asap!!! | CyberSecurity | eSkills

Apple updates Safari on OS X, fixes critical flaws | UPDATE asap!!! | CyberSecurity | eSkills | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
No sooner had we reported that Microsoft will adopt a "rolling update" model for Windows 10...

...than we received notice of Apple's latest "rolling update" for its Safari browser.

.

.


What to do?

Simple: head to Apple Menu | App Store... | Updates and make sure you have the latest version of Safari.

To check your Safari version, run the browser and use Safari | About Safari, or open a Finder window and go to Applications| Safari.app.

For more information from the horse's mouth, visit Apple's Security Updateslanding page (which has been re-numbered from HT1222 to HT20122), or theSafari x.x.6 update page itself (HT204826).


Gust MEES's insight:
No sooner had we reported that Microsoft will adopt a "rolling update" model for Windows 10...

...than we received notice of Apple's latest "rolling update" for its Safari browser.


What to do?

Simple: head to Apple Menu | App Store... | Updates and make sure you have the latest version of Safari.

To check your Safari version, run the browser and use Safari | About Safari, or open a Finder window and go to Applications| Safari.app.

For more information from the horse's mouth, visit Apple's Security Updateslanding page (which has been re-numbered from HT1222 to HT20122), or theSafari x.x.6 update page itself (HT204826).


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Thousands of iOS apps left open to snooping thanks to SSL bug | CyberSecurity | Apple

Thousands of iOS apps left open to snooping thanks to SSL bug | CyberSecurity | Apple | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

CyberSecurity Researchers have uncovered around 25,000 iOS apps that use old versions of a popular networking library, leaving them open to attackers on the same network viewing encrypted traffic.

The bug affects Secure Sockets Layer (SSL) code in AFNetworking, a networking library developers can use to build components of iOS apps. The framework has been updated three times in the past six weeks, addressing numerous SSL flaws that leave apps vulnerable to man-in-the-middle attacks.

Gust MEES's insight:

CyberSecurity Researchers have uncovered around 25,000 iOS apps that use old versions of a popular networking library, leaving them open to attackers on the same network viewing encrypted traffic.

The bug affects Secure Sockets Layer (SSL) code in AFNetworking, a networking library developers can use to build components of iOS apps. The framework has been updated three times in the past six weeks, addressing numerous SSL flaws that leave apps vulnerable to man-in-the-middle attacks.


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks | CyberSecurity

Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks | CyberSecurity | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

At least 25,000 iOS apps available in Apple's App Store contain a critical vulnerability that may completely cripple HTTPS protections designed to prevent man-in-the-middle attacks that steal or modify sensitive data, security researchers warned.

1,500 IOS APPS HAVE HTTPS-CRIPPLING BUG. IS ONE OF THEM ON YOUR DEVICE?
Apps downloaded two million times are vulnerable to trivial man-in-the-middle attacks.


As was the case with a separate HTTPS vulnerability reported earlier this week that affected 1,500 iOS apps, the bug resides in AFNetworking, an open-source code library that allows developers to drop networking capabilities into their iOS and OS X apps. Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may expose data that's trivial for hackers to monitor or modify, even when it's protected by the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using any valid SSL certificate for any domain name, as long as the digital credential was issued by a browser-trusted certificate authority (CA).

Gust MEES's insight:

At least 25,000 iOS apps available in Apple's App Store contain a critical vulnerability that may completely cripple HTTPS protections designed to prevent man-in-the-middle attacks that steal or modify sensitive data, security researchers warned.

1,500 IOS APPS HAVE HTTPS-CRIPPLING BUG. IS ONE OF THEM ON YOUR DEVICE?
Apps downloaded two million times are vulnerable to trivial man-in-the-middle attacks.


As was the case with a separate HTTPS vulnerability reported earlier this week that affected 1,500 iOS apps, the bug resides in AFNetworking, an open-source code library that allows developers to drop networking capabilities into their iOS and OS X apps. Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may expose data that's trivial for hackers to monitor or modify, even when it's protected by the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using any valid SSL certificate for any domain name, as long as the digital credential was issued by a browser-trusted certificate authority (CA).

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple fixes loads of security holes in OS X, iOS, Apple TV, Safari | CyberSecurity

Apple fixes loads of security holes in OS X, iOS, Apple TV, Safari | CyberSecurity | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
What was fixed?

The list of software components fixed in the various updates is extensive.

Rather than go into all the details, we'll just encourage you towards grabbing the updates by pointing out that the holes fixed include:

Remote code execution (RCE). Opening a booby-trapped file or browsing to a malicious web page could lead to implanted malware, stolen data and a hijacked computer.

.

Security bypasses. Files you might expect to be kept away from prying eyes might be visible; secrets useful for further attacks (such as memory addresses used by the operating system) might be revealed.
Denial of service. A crook could force your computer to shut down without warning.

.
Data leakage. Passwords, private browsing data and application screenshots could be revealed.

.

Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
What was fixed?

The list of software components fixed in the various updates is extensive.

Rather than go into all the details, we'll just encourage you towards grabbing the updates by pointing out that the holes fixed include:

Remote code execution (RCE). Opening a booby-trapped file or browsing to a malicious web page could lead to implanted malware, stolen data and a hijacked computer.

.

Security bypasses. Files you might expect to be kept away from prying eyes might be visible; secrets useful for further attacks (such as memory addresses used by the operating system) might be revealed.
Denial of service. A crook could force your computer to shut down without warning.

.
Data leakage. Passwords, private browsing data and application screenshots could be revealed.

.

Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

more...
No comment yet.
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Apple Releases Security Update for OS X Yosemite | US-CERT | Update asap!

Apple Releases Security Update for OS X Yosemite | US-CERT | Update asap! | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Apple Security Update 2015-003 and apply the necessary updates.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Apple Security Update 2015-003 and apply the necessary updates.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
Gust MEES's curator insight, March 20, 8:44 PM
Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Apple Security Update 2015-003 and apply the necessary updates.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Rescooped by Gust MEES from 21st Century Innovative Technologies and Developments as also discoveries, curiosity ( insolite)...
Scoop.it!

Apple fixes FREAK in iOS, OS X and Apple TV - and numerous other holes besides | CyberSecurity

Apple fixes FREAK in iOS, OS X and Apple TV - and numerous other holes besides | CyberSecurity | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it


Apple's latest security fixes are out. 


The FREAK bug is now fixed, but so are numerous other holes worth patching in their own right.







Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:

Apple's latest security fixes are out. 


The FREAK bug is now fixed, but so are numerous other holes worth patching in their own right.



Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
Gust MEES's curator insight, March 13, 5:41 PM

Apple's latest security fixes are out. 


The FREAK bug is now fixed, but so are numerous other holes worth patching in their own right.



Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Scooped by Gust MEES
Scoop.it!

Five months on and iOS 8 is still riddled with show-stopping bugs

Five months on and iOS 8 is still riddled with show-stopping bugs | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

Five months on from the release of iOS 8, and following six rounds of bugfixes, Apple's flagship mobile platform that powers almost three out of four iPhone and iPads is still riddled with bugs.


I'm just going to come out and say it - this is a mess. If we were talking about cosmetic stuff like a badly laid out user interface or poor selection of wallpapers then I could overlook the issues, but they aren't. These are bugs relating to core systems such as Wi-Fi, cellular connectivity, Bluetooth, and stability and performance.

These are show-stopping bugs. These are bugs that quite frankly should have been sorted before iOS 8 was released, and definitely should have been pinned down after the first couple of updates.

But they aren't.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:

Five months on from the release of iOS 8, and following six rounds of bugfixes, Apple's flagship mobile platform that powers almost three out of four iPhone and iPads is still riddled with bugs.


I'm just going to come out and say it - this is a mess. If we were talking about cosmetic stuff like a badly laid out user interface or poor selection of wallpapers then I could overlook the issues, but they aren't. These are bugs relating to core systems such as Wi-Fi, cellular connectivity, Bluetooth, and stability and performance.

These are show-stopping bugs. These are bugs that quite frankly should have been sorted before iOS 8 was released, and definitely should have been pinned down after the first couple of updates.

But they aren't.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Threat Intelligence: Reduce the Gap | CyberSecurity | Privacy

Threat Intelligence: Reduce the Gap | CyberSecurity | Privacy | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Major cyber security incidents continue to hit the headlines. Security and privacy are top concerns for IT and security professionals, especially after 2014’s highly publicized data breaches.

Companies around the globe were victim to malware, stolen data and exploited vulnerabilities. Big companies weren’t immune to this, with Target, JPMogan Chase, Home Depot and Sony Pictures suffering the painful sting of data breaches. Even celebrities were targeted, with compromised iCloud accounts.

It really isn’t surprising that almost everyone anticipates the need to prepare for security challenges in the coming months. According to a recent survey by Tech Pro Research, 84 percent of IT professionals are more concerned about security and privacy in 2015.
Gust MEES's insight:

Major cyber security incidents continue to hit the headlines. Security and privacy are top concerns for IT and security professionals, especially after 2014’s highly publicized data breaches.

Companies around the globe were victim to malware, stolen data and exploited vulnerabilities. Big companies weren’t immune to this, with TargetJPMogan ChaseHome Depot and Sony Pictures suffering the painful sting of data breaches. Even celebrities were targeted, with compromised iCloud accounts.

It really isn’t surprising that almost everyone anticipates the need to prepare for security challenges in the coming months. According to a recent survey by Tech Pro Research, 84 percent of IT professionals are more concerned about security and privacy in 2015.


more...
Gust MEES's curator insight, February 12, 4:01 AM

Major cyber security incidents continue to hit the headlines. Security and privacy are top concerns for IT and security professionals, especially after 2014’s highly publicized data breaches.

Companies around the globe were victim to malware, stolen data and exploited vulnerabilities. Big companies weren’t immune to this, with TargetJPMogan ChaseHome Depot and Sony Pictures suffering the painful sting of data breaches. Even celebrities were targeted, with compromised iCloud accounts.

It really isn’t surprising that almost everyone anticipates the need to prepare for security challenges in the coming months. According to a recent survey by Tech Pro Research, 84 percent of IT professionals are more concerned about security and privacy in 2015.


Scooped by Gust MEES
Scoop.it!

Apple Pushes Mandatory Flash Update in Wake of Zero-Day Disclosures | CyberSecurity

Apple Pushes Mandatory Flash Update in Wake of Zero-Day Disclosures | CyberSecurity | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple is pushing out a mandatory update for Adobe Flash in the wake of the recent disclosure of three zero-day vulnerabilities that are actively being exploited in the wild.

Mac OS X will find that Flash has been disabled on their devices and will see popup messages urging them to install the latest updates if they want to continue to use the software.

“If you’re using an out-of-date version of the Adobe Flash Player plug-in, you may see the message ‘Blocked plug-in’, ‘Flash Security Alert’ or ‘Flash out-of-date’ when attempting to view Flash content in Safari. To continue viewing Flash content, update to a later version of Adobe Flash Player. Click the Download Flash button. Safari opens the Adobe Flash Player page on the Adobe website,” the advisory from Apple stated.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's insight:
Apple is pushing out a mandatory update for Adobe Flash in the wake of the recent disclosure of three zero-day vulnerabilities that are actively being exploited in the wild.

Mac OS X will find that Flash has been disabled on their devices and will see popup messages urging them to install the latest updates if they want to continue to use the software.

“If you’re using an out-of-date version of the Adobe Flash Player plug-in, you may see the message ‘Blocked plug-in’, ‘Flash Security Alert’ or ‘Flash out-of-date’ when attempting to view Flash content in Safari. To continue viewing Flash content, update to a later version of Adobe Flash Player. Click the Download Flash button. Safari opens the Adobe Flash Player page on the Adobe website,” the advisory from Apple stated.


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


more...
No comment yet.