Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
11.8K views | +4 today
Follow
 
Scooped by Gust MEES
onto Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Scoop.it!

iOS flaw used to bypass iPhone's lockscreen

iOS flaw used to bypass iPhone's lockscreen | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

The good news is that the steps are many and unlikely to be executed by random attackers. The bad news is that this trick has been shared all over the Internet.

So, until Apple pushes out a new version of iOS and fixes the flaw, you might want to consider not leaving your locked iPhone unattended, especially around people you don't trust.


Gust MEES's insight:

Watch it out!!!

 

 

more...
No comment yet.
Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Immune No More: An Apple Story

Immune No More: An Apple Story | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
For a very long time, Apple and its pseudo-religious user-base prided itself on being a platform free of malware; those days are inarguably and unequivocally over. Its emergence as the early winner...
Gust MEES's insight:

 

A MUST read!!!

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
Scooped by Gust MEES
Scoop.it!

Beware! A new bug can crash iOS and macOS with a single text message | #Apple #Awareness #NobodyIsPerfect #Vulnerabilities #Naivety

Beware! A new bug can crash iOS and macOS with a single text message | #Apple #Awareness #NobodyIsPerfect #Vulnerabilities #Naivety | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Beware! A new bug can crash iOS and macOS with a single text message
RESIST THE TEMPTATION TO SEND THIS TEXT BOMB TO ANYONE.

Be careful what you click on.

Abraham Masri, a Twitter user with the rather wonderful handle of @cheesecakeufo, has shared publicly a malicious link that is capable of crashing iOS and macOS when received through Apple's Messages app.

The link, which I'm only going to reproduce here as an image, points to a GitHub page.

Clicking on the link can cause your Messages application to crash on iOS and Mac devices, and you may find other peculiar behaviour occurs such as being returned to your lock screen.

It turns out that there's some pretty funky-looking code on that webpage.

Something about the so-called ChaiOS bug's code gives your Apple device a brainstorm. Ashamed about the mess it gets itself in, Messages decides the least embarrassing thing to do is to crash.

Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files.

Readers with long memories will recall that Apple users have been bedevilled by text bomb vulnerabilities like this in the past.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

Beware! A new bug can crash iOS and macOS with a single text message
RESIST THE TEMPTATION TO SEND THIS TEXT BOMB TO ANYONE.

Be careful what you click on.

Abraham Masri, a Twitter user with the rather wonderful handle of @cheesecakeufo, has shared publicly a malicious link that is capable of crashing iOS and macOS when received through Apple's Messages app.

The link, which I'm only going to reproduce here as an image, points to a GitHub page.

Clicking on the link can cause your Messages application to crash on iOS and Mac devices, and you may find other peculiar behaviour occurs such as being returned to your lock screen.

It turns out that there's some pretty funky-looking code on that webpage.

Something about the so-called ChaiOS bug's code gives your Apple device a brainstorm. Ashamed about the mess it gets itself in, Messages decides the least embarrassing thing to do is to crash.

Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files.

Readers with long memories will recall that Apple users have been bedevilled by text bomb vulnerabilities like this in the past.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Fruitfly malware spied on Mac users for 13 years - man charged | #Apple #CyberSecurity #Cybercrime

Fruitfly malware spied on Mac users for 13 years - man charged | #Apple #CyberSecurity #Cybercrime | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
US authorities have charged a 28-year-old Ohio man who is alleged to have created and installed creepy spyware on thousands of computers for 13 years.

Phillip R. Durachinsky, of North Royalton, Ohio, is alleged to have used Mac malware known as “Fruitfly” to remotely control victims’ computers, access and upload files, grab screenshots, log keystrokes, and surreptitiously spy via infected computer’s webcams.

Durachinsky, who faces multiple charges including Computer Fraud and Abuse Act violations, Wiretap Act violations, and identify theft, is said to have created a visual interface that allowed him to retrieve live images from several infected computers simultaneously.

In the indictment, Durachinsky is said to have used malware he created between 2003 and January 2017 to steal personal data, tax records, passwords, and “potentially embarrassing communications.”

According to the indictment, Durachinsky used stolen usernames and passwords to hack into his victims’ online accounts and steal further information, keeping detailed notes on his victims.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Fruitfly

 

Gust MEES's insight:
US authorities have charged a 28-year-old Ohio man who is alleged to have created and installed creepy spyware on thousands of computers for 13 years.

Phillip R. Durachinsky, of North Royalton, Ohio, is alleged to have used Mac malware known as “Fruitfly” to remotely control victims’ computers, access and upload files, grab screenshots, log keystrokes, and surreptitiously spy via infected computer’s webcams.

Durachinsky, who faces multiple charges including Computer Fraud and Abuse Act violations, Wiretap Act violations, and identify theft, is said to have created a visual interface that allowed him to retrieve live images from several infected computers simultaneously.

In the indictment, Durachinsky is said to have used malware he created between 2003 and January 2017 to steal personal data, tax records, passwords, and “potentially embarrassing communications.”

According to the indictment, Durachinsky used stolen usernames and passwords to hack into his victims’ online accounts and steal further information, keeping detailed notes on his victims.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Fruitfly

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple : un bug frappe les préférences système de macOS High Sierra | #CyberSecurity #NobodyIsPerfect #Naivety #Awareness

Apple : un bug frappe les préférences système de macOS High Sierra | #CyberSecurity #NobodyIsPerfect #Naivety #Awareness | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Un utilisateur d’Open Radar a découvert un petit souci dans macOS 10.13.2. Il permet à un administrateur local de modifier les préférences systèmes du Mac App Store en saisissant n’importe quel mot de passe.
Sale temps pour la sécurité sur macOS. Le dernier bug de sécurité en date n’est pas du niveau des précédents mais fait malgré tout un peu tache sur le CV d’Apple. Un utilisateur d’Open Radar, une communauté de rapporteurs de bugs, a révélé un petit souci dans macOS High Sierra 10.13.2, la dernière version officiellement disponible.

Ainsi, selon lui, n’importe quel utilisateur administrateur local sur la machine peut ouvrir le panneau des Préférences Système du Mac App Store et déverrouiller le cadenas qui empêche les modifications de ces réglages en saisissant n’importe quel mot de passe. Si le cadenas est déjà ouvert et que cet utilisateur souhaite tenter sa chance, c’est possible. Il suffit de le refermer, de l’ouvrir à nouveau et de taper n’importe quelle suite de lettres ou chiffres.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Un utilisateur d’Open Radar a découvert un petit souci dans macOS 10.13.2. Il permet à un administrateur local de modifier les préférences systèmes du Mac App Store en saisissant n’importe quel mot de passe.
Sale temps pour la sécurité sur macOS. Le dernier bug de sécurité en date n’est pas du niveau des précédents mais fait malgré tout un peu tache sur le CV d’Apple. Un utilisateur d’Open Radar, une communauté de rapporteurs de bugs, a révélé un petit souci dans macOS High Sierra 10.13.2, la dernière version officiellement disponible.

Ainsi, selon lui, n’importe quel utilisateur administrateur local sur la machine peut ouvrir le panneau des Préférences Système du Mac App Store et déverrouiller le cadenas qui empêche les modifications de ces réglages en saisissant n’importe quel mot de passe. Si le cadenas est déjà ouvert et que cet utilisateur souhaite tenter sa chance, c’est possible. Il suffit de le refermer, de l’ouvrir à nouveau et de taper n’importe quelle suite de lettres ou chiffres.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Another macOS password prompt can be bypassed with any password | #Apple #CyberSecurity #NobodyIsPerfect #Naivety #Awareness

Another macOS password prompt can be bypassed with any password | #Apple #CyberSecurity #NobodyIsPerfect #Naivety #Awareness | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
MacRumors spotted a bug report that affects the current version of macOS High Sierra. In System Preferences, you can unlock the App Store preference pane by typing any password. Apple has reportedly already fixed the bug in beta versions of the next macOS High Sierra update.

While this bug is nowhere as serious as the infamous root login bug, as John Gruber wrote, this one is quite embarrassing. What’s wrong with password prompts and macOS?

If you want to test this bug at home, I was able to reproduce it quite easily. Open System Preferences, go to the App Store settings and look at the padlock icon. If it’s unlocked, lock it first and then try unlocking it with any password. Ta-da!

You can enable or disable automatic downloads and installation of app and operating system updates using this preference pane. This doesn’t represent an immediate security risk. But if someone already has access to your computer, they could disable automatic security updates and take advantage of vulnerabilities that are regularly patched.

By default, App Store settings are unlocked for admin users. But if you’re a bit paranoid about security, chances are you locked down all your system settings to make sure nobody is playing with them.

More importantly than the bug itself, Apple should reconsider their quality assurance processes. It’s time to stop shipping updates with embarrassing bugs.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

Gust MEES's insight:
MacRumors spotted a bug report that affects the current version of macOS High Sierra. In System Preferences, you can unlock the App Store preference pane by typing any password. Apple has reportedly already fixed the bug in beta versions of the next macOS High Sierra update.

While this bug is nowhere as serious as the infamous root login bug, as John Gruber wrote, this one is quite embarrassing. What’s wrong with password prompts and macOS?

If you want to test this bug at home, I was able to reproduce it quite easily. Open System Preferences, go to the App Store settings and look at the padlock icon. If it’s unlocked, lock it first and then try unlocking it with any password. Ta-da!

You can enable or disable automatic downloads and installation of app and operating system updates using this preference pane. This doesn’t represent an immediate security risk. But if someone already has access to your computer, they could disable automatic security updates and take advantage of vulnerabilities that are regularly patched.

By default, App Store settings are unlocked for admin users. But if you’re a bit paranoid about security, chances are you locked down all your system settings to make sure nobody is playing with them.

More importantly than the bug itself, Apple should reconsider their quality assurance processes. It’s time to stop shipping updates with embarrassing bugs.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple releases iOS 11.2.2 for iPhone and iPad | #CyberSecurity #Updates #NobodyIsPerfect #Awareness 

Apple releases iOS 11.2.2 for iPhone and iPad | #CyberSecurity #Updates #NobodyIsPerfect #Awareness  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Another day, another patch to install. This time, it's iOS 11.2.2 for iPhone, iPad, and iPod touch.

Must read: How to tell if your iPhone battery needs replacing

The patch is to fix the Spectre vulnerability that came to light earlier this month.

Apple describes the patch as follows:

iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).
Apple says it "recommends" the update "for all users."

To download the update, go to Settings > General > Software Update (the preferred way, and this way the patch is only about 75MB), or connect your iPhone to a computer running iTunes and then carry out the update (this is slower and downloads the entire iOS 11.2.2 package, which is several gigabytes, as opposed to just the smaller update).

 

Learn more / en savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Another day, another patch to install. This time, it's iOS 11.2.2 for iPhone, iPad, and iPod touch.

Must read: How to tell if your iPhone battery needs replacing

The patch is to fix the Spectre vulnerability that came to light earlier this month.

Apple describes the patch as follows:

iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715).
Apple says it "recommends" the update "for all users."

To download the update, go to Settings > General > Software Update (the preferred way, and this way the patch is only about 75MB), or connect your iPhone to a computer running iTunes and then carry out the update (this is slower and downloads the entire iOS 11.2.2 package, which is several gigabytes, as opposed to just the smaller update).

 

Learn more / en savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple releases iOS and macOS updates with a mitigation for Spectre | #Update asap!! | #CyberSecurity #NobodyIsPerfect #Awareness

Apple releases iOS and macOS updates with a mitigation for Spectre | #Update asap!! | #CyberSecurity #NobodyIsPerfect #Awareness | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple just released iOS 11.2.2 with some Safari and WebKit improvements to mitigate the Spectre vulnerability. macOS is also receiving an update. It’s a supplemental update to macOS High Sierra 10.13.2 and it includes the same fix.

As always, you should update your devices with the latest security patches. In this case, Meltdown and Spectre are serious vulnerabilities. With Meltdown, a malicious application running on an unpatched device can read the unencrypted kernel memory. You don’t want anyone to grab your password and private encryption keys.

Meltdown was already addressed in previous updates. iOS 11.2, macOS 10.13.2 and tvOS 11.2 already included mitigations for Meltdown. Apple Watch chips aren’t affected by Meltdown.

Spectre isn’t as serious as it only breaks the isolation between multiple applications. But it can be exploited using JavaScript in a web browser. That’s why it’s important to fix it before somebody figures out how to distribute malicious JavaScript code in an ad unit.

On your iPhone or iPad, head over to the Settings app, then tap on General and Software Update. On your Mac, open the Mac App Store and check for updates.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=LPE+Exploit

 

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Apple just released iOS 11.2.2 with some Safari and WebKit improvements to mitigate the Spectre vulnerability. macOS is also receiving an update. It’s a supplemental update to macOS High Sierra 10.13.2 and it includes the same fix.

As always, you should update your devices with the latest security patches. In this case, Meltdown and Spectre are serious vulnerabilities. With Meltdown, a malicious application running on an unpatched device can read the unencrypted kernel memory. You don’t want anyone to grab your password and private encryption keys.

Meltdown was already addressed in previous updates. iOS 11.2, macOS 10.13.2 and tvOS 11.2 already included mitigations for Meltdown. Apple Watch chips aren’t affected by Meltdown.

Spectre isn’t as serious as it only breaks the isolation between multiple applications. But it can be exploited using JavaScript in a web browser. That’s why it’s important to fix it before somebody figures out how to distribute malicious JavaScript code in an ad unit.

On your iPhone or iPad, head over to the Settings app, then tap on General and Software Update. On your Mac, open the Mac App Store and check for updates.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=LPE+Exploit

 

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple confirms iPhone, Mac affected by Meltdown, Spectre flaws, but Apple Watch unaffected | #CyberSecurity #Awareness #NobodyIsPerfect 

Apple confirms iPhone, Mac affected by Meltdown, Spectre flaws, but Apple Watch unaffected | #CyberSecurity #Awareness #NobodyIsPerfect  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Apple has issued a statement regarding the Meltdown and Spectre vulnerabilities, confirming all Mac systems and iOS devices are affected, but saying there are no known exploits impacting customers at this time.

The iPhone maker has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. A spokesperson confirmed Friday that Apple Watch is not affected by either Meltdown or Spectre, despite its own initial report Thursday.

"In the coming days we plan to release mitigations in Safari to help defend against Spectre," the company said in a statement. "We continue to develop and test further mitigations within the operating system for the Spectre techniques, and will release them in upcoming updates of iOS, macOS, and tvOS."

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Meltdown+and+Spectre+Attacks

 

https://gustmeesde.wordpress.com/2014/12/26/programme-die-auf-jeden-neuen-pc-und-smartphones-gehoren/

 

https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/

 

Gust MEES's insight:

Apple has issued a statement regarding the Meltdown and Spectre vulnerabilities, confirming all Mac systems and iOS devices are affected, but saying there are no known exploits impacting customers at this time.

The iPhone maker has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. A spokesperson confirmed Friday that Apple Watch is not affected by either Meltdown or Spectre, despite its own initial report Thursday.

"In the coming days we plan to release mitigations in Safari to help defend against Spectre," the company said in a statement. "We continue to develop and test further mitigations within the operating system for the Spectre techniques, and will release them in upcoming updates of iOS, macOS, and tvOS."

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Meltdown+and+Spectre+Attacks

 

https://gustmeesde.wordpress.com/2014/12/26/programme-die-auf-jeden-neuen-pc-und-smartphones-gehoren/

 

https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple : une faille de sécurité de plus de quinze ans découverte dans macOS | #CyberSecurity #NobodyIsPerfect

Apple : une faille de sécurité de plus de quinze ans découverte dans macOS | #CyberSecurity #NobodyIsPerfect | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Un chercheur en sécurité a découvert une faille importante datant au moins de 2002. Depuis quelques mois Apple enchaîne les vulnérabilités sur son système d’exploitation.


La faille aurait beau avoir plus de quinze ans, elle n’en donne pas moins accès à tout le contrôle de macOS. C’est la découverte réalisée par le chercheur en sécurité Siguza qui a dévoilé la chose sur Twitter et GitHub. Cette vulnérabilité zero-day concerne directement le kernel de l’OS d’Apple. Consolation pour les potentielles victimes, il faut toutefois avoir accès à la machine pour pouvoir l’exploiter.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=LPE+Exploit

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Un chercheur en sécurité a découvert une faille importante datant au moins de 2002. Depuis quelques mois Apple enchaîne les vulnérabilités sur son système d’exploitation.


La faille aurait beau avoir plus de quinze ans, elle n’en donne pas moins accès à tout le contrôle de macOS. C’est la découverte réalisée par le chercheur en sécurité Siguza qui a dévoilé la chose sur Twitter et GitHub. Cette vulnérabilité zero-day concerne directement le kernel de l’OS d’Apple. Consolation pour les potentielles victimes, il faut toutefois avoir accès à la machine pour pouvoir l’exploiter.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=LPE+Exploit

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple, Epson face French legal complaints over allegedly shortening life of products | #Lawsuits #HOP #France

Apple, Epson face French legal complaints over allegedly shortening life of products | #Lawsuits #HOP #France | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Apple, Epson face French legal complaints over allegedly shortening life of products

PARIS (Reuters) - Smartphone maker Apple (AAPL.O) and Japanese printer company Epson (6724.T) are facing legal complaints in France over allegedly speeding up the aging process of their products to stimulate demand.

 

Learn more / En savoir plus / Mehr erfahren:

 

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Lawsuits

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

Apple, Epson face French legal complaints over allegedly shortening life of products

PARIS (Reuters) - Smartphone maker Apple (AAPL.O) and Japanese printer company Epson (6724.T) are facing legal complaints in France over allegedly speeding up the aging process of their products to stimulate demand.

 

Learn more / En savoir plus / Mehr erfahren:

 

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Lawsuits

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

BSI warnt vor Risikostufe 4: Apple schließt gefährliche Sicherheitslücken | #CyberSecurity #NobodyIsPerfect #Awareness #LEARNing2LEARN #ICT #Updates #iCloud

BSI warnt vor Risikostufe 4: Apple schließt gefährliche Sicherheitslücken | #CyberSecurity #NobodyIsPerfect #Awareness #LEARNing2LEARN #ICT #Updates #iCloud | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Mit "Apple iCloud für Windows" können Sie persönliche Dokumente, Mails, Fotos und Termine zwischen Apple-Geräten wie iPhone oder iPad und Windows-PC synchronisieren.

Apple hat für seine Software "iCloud für Windows" ein außerplanmäßiges Update auf Version 7.2 veröffentlicht, das gleich mehrere Sicherheitslücken schließt.


Das Bundesamt für Sicherheit in der Informationstechnik (BSI) stuft die Sicherheitslücken auf seiner fünf-stufigen Skala mit Risikostufe 4 ("hoch") ein und empfiehlt allen iPhone- oder iPad-Nutzern mit Windows-PCs das Programm möglichst schnell zu updaten:


Apple behebt mit einem Sicherheitsupdate für iCloud für Windows mehrere Sicherheitslücken, die von einem Angreifer aus dem Internet ausgenutzt werden können, um beliebige Aktionen auf Ihrem Gerät auszuführen und private Informationen über Sie zu sammeln.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Mit "Apple iCloud für Windows" können Sie persönliche Dokumente, Mails, Fotos und Termine zwischen Apple-Geräten wie iPhone oder iPad und Windows-PC synchronisieren.

Apple hat für seine Software "iCloud für Windows" ein außerplanmäßiges Update auf Version 7.2 veröffentlicht, das gleich mehrere Sicherheitslücken schließt.


Das Bundesamt für Sicherheit in der Informationstechnik (BSI) stuft die Sicherheitslücken auf seiner fünf-stufigen Skala mit Risikostufe 4 ("hoch") ein und empfiehlt allen iPhone- oder iPad-Nutzern mit Windows-PCs das Programm möglichst schnell zu updaten:


Apple behebt mit einem Sicherheitsupdate für iCloud für Windows mehrere Sicherheitslücken, die von einem Angreifer aus dem Internet ausgenutzt werden können, um beliebige Aktionen auf Ihrem Gerät auszuführen und private Informationen über Sie zu sammeln.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Oh Apple, you really need to rethink how you do things | Yes, Apple is slowing down your old iPhone!

Oh Apple, you really need to rethink how you do things | Yes, Apple is slowing down your old iPhone! | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Quietly inserting code into iOS that measurably slows down the performance of older iPhones is a monumentally boneheaded blunder.

The ink is barely dry on the piece I wrote earlier this week about how Apple needs to do better in 2017 when it comes to light that the company has done another boneheaded thing.

Must read: Apple seems to have forgotten about the whole 'it just works' thing

It now turns out that the old yet often-quoted urban legend that Apple inserts code into iOS to slow down older iPhones is true.

Yes, Apple is slowing down your old iPhone.

The company admitted yesterday that it started doing it last year when it released iOS 10.2.1 following reports that iPhone 6, iPhone 6s, and iPhone SE were shutting down randomly due to cold weather, low battery charge, or battery aging.

Apple expanded the scope of this code to include iPhone 7 and iPhone 7 Plus devices with the release of iOS 11.2.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

Quietly inserting code into iOS that measurably slows down the performance of older iPhones is a monumentally boneheaded blunder.

The ink is barely dry on the piece I wrote earlier this week about how Apple needs to do better in 2017 when it comes to light that the company has done another boneheaded thing.

Must read: Apple seems to have forgotten about the whole 'it just works' thing

It now turns out that the old yet often-quoted urban legend that Apple inserts code into iOS to slow down older iPhones is true.

Yes, Apple is slowing down your old iPhone.

The company admitted yesterday that it started doing it last year when it released iOS 10.2.1 following reports that iPhone 6, iPhone 6s, and iPhone SE were shutting down randomly due to cold weather, low battery charge, or battery aging.

Apple expanded the scope of this code to include iPhone 7 and iPhone 7 Plus devices with the release of iOS 11.2.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

New MacOS malware steals bank log-in details and intellectual property | #Apple #CyberSecurity #NobodyIsPerfect #Awareness

New MacOS malware steals bank log-in details and intellectual property | #Apple #CyberSecurity #NobodyIsPerfect #Awareness | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

New MacOS malware steals bank log-in details and intellectual property.


Security researchers have discovered a new, invasive OSX.Pirrit adware variant targeting Mac OS X that enables cyber-criminals to take full control of a user's Mac computer.


The malware has already infected thousands of Mac computers around the world. According to a blog post by Amit Serper, principal security researcher at Cybereason, while usual adware campaigns enable the attackers to flood a person's computer with ads, this malware not only bombards Macs with adware, it spies on users and runs with the highest user privileges, enabling hackers to leverage this adware to capture personal information on the users, including bank account logins and intellectual property of businesses.

“To my surprise, it's very active. Not only is it still infecting people's Macs, OSX.Pirrit's authors learned from one of their mistakes (They obviously read at least one of our earlier reports),” said Serper.

He added that unlike old versions of OSX.Pirrit that used rogue browser plug-ins or even installed a proxy server on the victim's machine to hijack the browser, this incarnation uses AppleScript, Apple's scripting/automation language. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Malware

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

New MacOS malware steals bank log-in details and intellectual property.


Security researchers have discovered a new, invasive OSX.Pirrit adware variant targeting Mac OS X that enables cyber-criminals to take full control of a user's Mac computer.


The malware has already infected thousands of Mac computers around the world. According to a blog post by Amit Serper, principal security researcher at Cybereason, while usual adware campaigns enable the attackers to flood a person's computer with ads, this malware not only bombards Macs with adware, it spies on users and runs with the highest user privileges, enabling hackers to leverage this adware to capture personal information on the users, including bank account logins and intellectual property of businesses.

“To my surprise, it's very active. Not only is it still infecting people's Macs, OSX.Pirrit's authors learned from one of their mistakes (They obviously read at least one of our earlier reports),” said Serper.

He added that unlike old versions of OSX.Pirrit that used rogue browser plug-ins or even installed a proxy server on the victim's machine to hijack the browser, this incarnation uses AppleScript, Apple's scripting/automation language. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Malware

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

A malicious link being sent around will freeze your iPhone — even if you don't click on it | #Apple #NobodyIsPerfect #Awareness #Naivety #iMessage 

A malicious link being sent around will freeze your iPhone — even if you don't click on it | #Apple #NobodyIsPerfect #Awareness #Naivety #iMessage  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
A software developer discovered a bug that lets anyone send you a malicious link on iMessage that can crash your phone. 
Because the bug lies in the link preview, it can freeze the iMessage app without you even clicking on it.
Called "chaiOS," the bug affects phones running iOS 10 or later. 

A bug called "chaiOS" is wreaking havoc on iPhones. 

According to a report out Wednesday from BuzzFeed's Nicole Nguyen, the security vulnerability is capable of freezing or crashing your phone if you're sent a specific link through iMessage. 

According to BuzzFeed, the bug was originally discovered by software developer Abraham Masri, who posted his findings to Github. Masri said his intentions were good — he had alerted Apple to the bug ahead of time and said he only posted it publicly to get Apple's attention.

Masri's original post has since been taken down, but the link may still be floating around, according to BuzzFeed.

Because of the way links work in iMessage — the app generates previews of links before you click on them — you can be affected by chaiOS without even clicking on the link itself. The link preview contains the bug, and it can freeze iMessage all on its own. The bug is capable of crashing iMessage altogether, and in some cases, forcing you to restore your phone to factory settings. 

The bug affects phones running iOS 10 up to at least iOS 11.2.5 beta 5, according to BuzzFeed.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
A software developer discovered a bug that lets anyone send you a malicious link on iMessage that can crash your phone. 
Because the bug lies in the link preview, it can freeze the iMessage app without you even clicking on it.
Called "chaiOS," the bug affects phones running iOS 10 or later. 

A bug called "chaiOS" is wreaking havoc on iPhones. 

According to a report out Wednesday from BuzzFeed's Nicole Nguyen, the security vulnerability is capable of freezing or crashing your phone if you're sent a specific link through iMessage. 

According to BuzzFeed, the bug was originally discovered by software developer Abraham Masri, who posted his findings to Github. Masri said his intentions were good — he had alerted Apple to the bug ahead of time and said he only posted it publicly to get Apple's attention.

Masri's original post has since been taken down, but the link may still be floating around, according to BuzzFeed.

Because of the way links work in iMessage — the app generates previews of links before you click on them — you can be affected by chaiOS without even clicking on the link itself. The link preview contains the bug, and it can freeze iMessage all on its own. The bug is capable of crashing iMessage altogether, and in some cases, forcing you to restore your phone to factory settings. 

The bug affects phones running iOS 10 up to at least iOS 11.2.5 beta 5, according to BuzzFeed.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users | #CyberSecurity #Awareness

Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users | #CyberSecurity #Awareness | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

A security researcher has revealed details of a new piece of undetectable malware targeting Apple's Mac computers—reportedly first macOS malware of 2018.

Dubbed OSX/MaMi, an unsigned Mach-O 64-bit executable, the malware is somewhat similar to DNSChanger malware that infected millions of computers across the world in 2012.

DNSChanger malware typically changes DNS server settings on infected computers, allowing attackers to route internet traffic through malicious servers and intercept sensitive information.

First appeared on the Malwarebytes forum, a user posted a query regarding unknown malware that infected his friend's computer that silently changed DNS settings on infected macOS to 82.163.143.135 and 82.163.142.137 addresses.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

A security researcher has revealed details of a new piece of undetectable malware targeting Apple's Mac computers—reportedly first macOS malware of 2018.

Dubbed OSX/MaMi, an unsigned Mach-O 64-bit executable, the malware is somewhat similar to DNSChanger malware that infected millions of computers across the world in 2012.

DNSChanger malware typically changes DNS server settings on infected computers, allowing attackers to route internet traffic through malicious servers and intercept sensitive information.

First appeared on the Malwarebytes forum, a user posted a query regarding unknown malware that infected his friend's computer that silently changed DNS settings on infected macOS to 82.163.143.135 and 82.163.142.137 addresses.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

App Store: Neues Passwort-Problem in MacOS High Sierra | #CyberSecurity #Passwords #NobodyIsPerfect #Naivety #Awareness #Apple

App Store: Neues Passwort-Problem in MacOS High Sierra | #CyberSecurity #Passwords #NobodyIsPerfect #Naivety #Awareness #Apple | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Neues Passwort-Problem in MacOS High Sierra
MacOS High Sierra hat erneut ein Problem: Nun ist bekannt geworden, dass die Einstellungen für den eingebauten App Store ohne korrektes Passwort geändert werden können.

In der aktuellen Version von MacOS High Sierra können die Einstellungen im App-Store-Menü in den Systemeinstellungen mit einem beliebigen Passwort geändert werden. Dies zeigt ein Bugreport auf Open Radar. Die Sicherheitslücke ist indes nicht so gravierend wie die passwortlose Root-Anmeldung unter MacOS High Sierra und erfordert einen Administrator-Account.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Neues Passwort-Problem in MacOS High Sierra
MacOS High Sierra hat erneut ein Problem: Nun ist bekannt geworden, dass die Einstellungen für den eingebauten App Store ohne korrektes Passwort geändert werden können.

In der aktuellen Version von MacOS High Sierra können die Einstellungen im App-Store-Menü in den Systemeinstellungen mit einem beliebigen Passwort geändert werden. Dies zeigt ein Bugreport auf Open Radar. Die Sicherheitslücke ist indes nicht so gravierend wie die passwortlose Root-Anmeldung unter MacOS High Sierra und erfordert einen Administrator-Account.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple iOS 11.2.2 Release Has A Nasty Surprise | #Updates #NobodyIsPerfect #Naivety #Performance #Quality

Apple iOS 11.2.2 Release Has A Nasty Surprise | #Updates #NobodyIsPerfect #Naivety #Performance #Quality | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

For a number of iPhone owners iOS 11.2.2 is throttling performance by as much as 50%. I exclusively picked up on this trend in my iOS 11.2.2 Upgrade Guide yesterday as users were not just subjectively reporting their iPhones and iPads felt slower, but being able to demonstrate it with before and after benchmark scores (1, 2, 3, 4, 5, etc).

I was subsequently contacted by tech developer Melvin Mughal who, having read my Guide, decided to document a detailed breakdown of how his iPhone 6 performed before and after updating to iOS 11.2.2. For him the impact was dramatic.

Across over 30 single-core and multi-core benchmarks, Mughal found single-core and multi-core performance of his iPhone 6 fell by an average of 41% and 39% after updating to iOS 11.2.2. The results are broken down on his blog. It is worth pointing out Mughal upgrade to iOS 11.2.2 from iOS 11.1.2 not iOS 11.2.1, but that shouldn't be relevant as the throttling Apple introduced in iOS 11.2 was specifically for the iPhone 7 only. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

For a number of iPhone owners iOS 11.2.2 is throttling performance by as much as 50%. I exclusively picked up on this trend in my iOS 11.2.2 Upgrade Guide yesterday as users were not just subjectively reporting their iPhones and iPads felt slower, but being able to demonstrate it with before and after benchmark scores (1, 2, 3, 4, 5, etc).

I was subsequently contacted by tech developer Melvin Mughal who, having read my Guide, decided to document a detailed breakdown of how his iPhone 6 performed before and after updating to iOS 11.2.2. For him the impact was dramatic.

Across over 30 single-core and multi-core benchmarks, Mughal found single-core and multi-core performance of his iPhone 6 fell by an average of 41% and 39% after updating to iOS 11.2.2. The results are broken down on his blog. It is worth pointing out Mughal upgrade to iOS 11.2.2 from iOS 11.1.2 not iOS 11.2.1, but that shouldn't be relevant as the throttling Apple introduced in iOS 11.2 was specifically for the iPhone 7 only. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

macOS Bug Lets Local Admin Unlock App Store System Prefs With Any Password | #Apple #CyberSecurity #NobodyIsPerfect #Awareness

macOS Bug Lets Local Admin Unlock App Store System Prefs With Any Password | #Apple #CyberSecurity #NobodyIsPerfect #Awareness | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

A bug has been discovered in macOS 10.13.2 that allows you to unlock the App Store system preferences using any username and password as long as you are logged in as a local admin. This means that if your account is an admin and you leave the computer unattended, anyone can change the App Store settings on the Mac without your knowledge.

While this is not as serious as the recent bug that allowed you to gain macOS root access by entering no password repeatedly, it does show that there are some serious code auditing issues in macOS regarding how passwords can be used. This is twice now in as little as three months that the password field was able to be used in macOS to gain extra privileges.


As shown in the video above, using this bug is really simple. Just open up the App Store system preferences and if the little padlock icon is locked, click on it. macOS will then prompt you for a username and password. Enter any username and password you want and press Unlock and the App Store system preferences will become unlocked. This allows you to change settings such as what updates to install, whether to install security updates, and more.

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

A bug has been discovered in macOS 10.13.2 that allows you to unlock the App Store system preferences using any username and password as long as you are logged in as a local admin. This means that if your account is an admin and you leave the computer unattended, anyone can change the App Store settings on the Mac without your knowledge.

While this is not as serious as the recent bug that allowed you to gain macOS root access by entering no password repeatedly, it does show that there are some serious code auditing issues in macOS regarding how passwords can be used. This is twice now in as little as three months that the password field was able to be used in macOS to gain extra privileges.


As shown in the video above, using this bug is really simple. Just open up the App Store system preferences and if the little padlock icon is locked, click on it. macOS will then prompt you for a username and password. Enter any username and password you want and press Unlock and the App Store system preferences will become unlocked. This allows you to change settings such as what updates to install, whether to install security updates, and more.

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

If you have a Mac, iPhone, or iPad, update your software right now | #CyberSecurity #Updates #Awareness #NobodyIsPerfect

If you have a Mac, iPhone, or iPad, update your software right now | #CyberSecurity #Updates #Awareness #NobodyIsPerfect | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
If you own any Apple products, you're going to want to make sure you have the latest updates installed.

Apple just released two incredibly important security updates for iOS and MacOS, which address the massive Spectre vulnerability Apple previously said affects all Macs and iPhones.

SEE ALSO: Apple on Meltdown and Spectre bugs: 'All Mac systems and iOS devices are affected'

The updates, 11.2.2 for iOS and 10.13.2 for macOS High Sierra, are available now for iPhones, iPads, and Macs.

Spectre was one of two major CPU vulnerabilities revealed by security researchers last week that affects devices with processors from major chip makers, including Intel, AMD, and ARM. Apple previously released software updates to address the other flaw, Meltdown.

While it's always a good idea to keep your software up to date, these latest updates are especially important. As security researchers have warned, the Meltdown and Spectre bugs are particularly nasty. So even if you're the type to wait days, or even weeks, to update to the latest software, you really shouldn't waste any time with these updates.

Google and Microsoft also previously released software updates to address the issue.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Meltdown+and+Spectre+Attacks

 

https://gustmeesde.wordpress.com/2014/12/26/programme-die-auf-jeden-neuen-pc-und-smartphones-gehoren/

 

https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/

 

Gust MEES's insight:
If you own any Apple products, you're going to want to make sure you have the latest updates installed.

Apple just released two incredibly important security updates for iOS and MacOS, which address the massive Spectre vulnerability Apple previously said affects all Macs and iPhones.

SEE ALSO: Apple on Meltdown and Spectre bugs: 'All Mac systems and iOS devices are affected'

The updates, 11.2.2 for iOS and 10.13.2 for macOS High Sierra, are available now for iPhones, iPads, and Macs.

Spectre was one of two major CPU vulnerabilities revealed by security researchers last week that affects devices with processors from major chip makers, including Intel, AMD, and ARM. Apple previously released software updates to address the other flaw, Meltdown.

While it's always a good idea to keep your software up to date, these latest updates are especially important. As security researchers have warned, the Meltdown and Spectre bugs are particularly nasty. So even if you're the type to wait days, or even weeks, to update to the latest software, you really shouldn't waste any time with these updates.

Google and Microsoft also previously released software updates to address the issue.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Meltdown+and+Spectre+Attacks

 

https://gustmeesde.wordpress.com/2014/12/26/programme-die-auf-jeden-neuen-pc-und-smartphones-gehoren/

 

https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

15-year-old Unpatched Root Access Bug found in Apple’s macOS | #CyberSecurity #NobodyIsPerfect #Awareness #LPEexploit

15-year-old Unpatched Root Access Bug found in Apple’s macOS | #CyberSecurity #NobodyIsPerfect #Awareness #LPEexploit | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

An IT security researcher has leaked details on an unpatched Apple’s macOS bug which lets attackers gain root access and take complete control of a targeted device.

After a disastrous 2017, where Apple faced all sorts of security-related issues and complaints, the company is in trouble again right from the first day of the New Year! On the very first day of 2018 (or the last day of 2017, depending on your location and region), a security researcher having immense expertise in hacking Apple’s iOS has posted details of an unpatched security flaw present in macOS operating system.

“One tiny, ugly bug. Fifteen years. Full system compromise” wrote the researcher, who uses the alias Siguza (s1guza).

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=LPE+Exploit

 

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:

An IT security researcher has leaked details on an unpatched Apple’s macOS bug which lets attackers gain root access and take complete control of a targeted device.

After a disastrous 2017, where Apple faced all sorts of security-related issues and complaints, the company is in trouble again right from the first day of the New Year! On the very first day of 2018 (or the last day of 2017, depending on your location and region), a security researcher having immense expertise in hacking Apple’s iOS has posted details of an unpatched security flaw present in macOS operating system.

“One tiny, ugly bug. Fifteen years. Full system compromise” wrote the researcher, who uses the alias Siguza (s1guza).

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=LPE+Exploit

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Sicherheitslücke in Prozessoren - Alle iPhones, iPads und Computer von Apple betroffen | #CyberSecurity #NobodyIsPerfect #Awareness #Spectre #Meltdown

Sicherheitslücke in Prozessoren - Alle iPhones, iPads und Computer von Apple betroffen | #CyberSecurity #NobodyIsPerfect #Awareness #Spectre #Meltdown | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
05.01.2018 - 01:50 Uhr
Durch eine massive Sicherheitslücke in den Computerchips von Milliarden Geräten können auf breiter Front vertrauliche Daten abgeschöpft werden.

Jetzt hat Apple bestätigt, dass auch „alle Mac-Systeme und iOS-Geräte betroffen sind“. Im Klartext: Jeder Apple-Computer, jedes iPhone und jedes iPad könnte von Hackern angegriffen werden. Bislang seien aber keine solche Attacken bekannt, erklärt Apple in einem Hilfe-Dokument. 

Was müssen Besitzer von Apple-Geräten wissen?

Nach Angaben des Unternehmens wurde eines der beiden möglichen Angriffsszenarien („Meltdown“)  bereits mit Aktualisierungen seiner Betriebssysteme abgestellt. Auf Geräten, die mit iOS 11.2, MacOS 10.13.2 bzw. tvOS 11.2 arbeiten, soll diese Angriffsmöglichkeit nicht mehr möglich sein.


Mit einem Update für den Internet-Browser Safari solle in den nächsten Tagen auch das Angriffsszenario „Spectre“ verhindert werden. Die Apple Watch ist laut Apple nicht von der Sicherheitslücke betroffen, benötigt daher keine Aktualisierung. 

Apple empfiehlt außerdem dringend, Apps oder Programme ausschließlich aus sicheren Quellen wie dem eigenen App-Store zu laden. Andernfalls laufe man Gefahr, gefährliche Spionagesoftware aufs eigene Gerät zu holen. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Meltdown+and+Spectre+Attacks

 

https://gustmeesde.wordpress.com/2014/12/26/programme-die-auf-jeden-neuen-pc-und-smartphones-gehoren/

 

https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/

 

Gust MEES's insight:
05.01.2018 - 01:50 Uhr
Durch eine massive Sicherheitslücke in den Computerchips von Milliarden Geräten können auf breiter Front vertrauliche Daten abgeschöpft werden.

Jetzt hat Apple bestätigt, dass auch „alle Mac-Systeme und iOS-Geräte betroffen sind“. Im Klartext: Jeder Apple-Computer, jedes iPhone und jedes iPad könnte von Hackern angegriffen werden. Bislang seien aber keine solche Attacken bekannt, erklärt Apple in einem Hilfe-Dokument. 

Was müssen Besitzer von Apple-Geräten wissen?

Nach Angaben des Unternehmens wurde eines der beiden möglichen Angriffsszenarien („Meltdown“)  bereits mit Aktualisierungen seiner Betriebssysteme abgestellt. Auf Geräten, die mit iOS 11.2, MacOS 10.13.2 bzw. tvOS 11.2 arbeiten, soll diese Angriffsmöglichkeit nicht mehr möglich sein.


Mit einem Update für den Internet-Browser Safari solle in den nächsten Tagen auch das Angriffsszenario „Spectre“ verhindert werden. Die Apple Watch ist laut Apple nicht von der Sicherheitslücke betroffen, benötigt daher keine Aktualisierung. 

Apple empfiehlt außerdem dringend, Apps oder Programme ausschließlich aus sicheren Quellen wie dem eigenen App-Store zu laden. Andernfalls laufe man Gefahr, gefährliche Spionagesoftware aufs eigene Gerät zu holen. 

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Meltdown+and+Spectre+Attacks

 

https://gustmeesde.wordpress.com/2014/12/26/programme-die-auf-jeden-neuen-pc-und-smartphones-gehoren/

 

https://gustmeesde.wordpress.com/2014/12/16/browser-sind-das-einfallstor-fur-malware-sind-eure-browser-up-to-date/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

MacOS LPE Exploit Gives Attackers Root Access; dating back to 2002!! | #Apple #NobodyIsPerfect 

MacOS LPE Exploit Gives Attackers Root Access; dating back to 2002!! | #Apple #NobodyIsPerfect  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

A researcher that goes by the handle “Siguza” released details of a local privilege escalation attack against macOS that dates back to 2002. A successful attack could give adversaries complete root access to targeted systems.

 

Siguza released details of the attack on Dec. 31 via Twitter, wishing followers a “Happy New Year” and linked to a technical write-up outlining the research.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=LPE+Exploit

 

 

Gust MEES's insight:

A researcher that goes by the handle “Siguza” released details of a local privilege escalation attack against macOS that dates back to 2002. A successful attack could give adversaries complete root access to targeted systems.

 

Siguza released details of the attack on Dec. 31 via Twitter, wishing followers a “Happy New Year” and linked to a technical write-up outlining the research.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=LPE+Exploit

 

 

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

HOP : Apple accusé d’obsolescence programmée en France | #NobodyIsPerfect #Naivety #Lawsuits

HOP : Apple accusé d’obsolescence programmée en France | #NobodyIsPerfect #Naivety #Lawsuits | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Le compteur des plaintes continue de tourner pour Apple, et il n’a sans doute pas fini de le faire. Aux Etats-Unis et à Israël, le fabricant totalisait déjà huit plaintes, la plupart sous le statut de class-action. Si ces procédures étaient jugées recevables, la firme pourrait écoper de plusieurs millions de dollars de sanctions.

En France, les peines encourues sont généralement moindres. Une condamnation serait cependant préjudiciable à l’image du géant mondial, surtout s’il était reconnu coupable de délit d’obsolescence programmée. C’est sur ce fondement que l’association HOP (Halte à l’Obsolescence Programmée), déjà auteure de plaintes similaires contre les fabricants d'imprimantes, attaque Apple.

Réduire délibérément la durée de vie pour vendre plus
Comme elle le rappelle dans un communiqué, depuis la loi de transition énergétique de 2015, la pratique de l’obsolescence programmée est un délit en France. Or, HOP estime qu’en altérant les performances des iPhone 6, 6S, SE et 7 au travers d’une mise à jour d’iOS, Apple s’est rendu coupable de ce délit.

Le ralentissement du processeur de ces iPhone, officiellement au motif d’en préserver la batterie, relève selon le plaignant de ce délit, défini comme « le recours à des techniques par lesquelles le responsable de la mise sur le marché d’un produit vise à en réduire délibérément la durée de vie pour en augmenter le taux de remplacement. »

L’association considère que la mise à jour par Apple « a lieu au moment même de la sortie de l’iPhone 8. Le ralentissement des appareils plus anciens semble avoir pour intention délibérée de pousser les clients d’Apple à l’achat du nouveau modèle. »

En cas de condamnation, la peine peut aller jusqu’à deux ans de prison et 300.000 euros d’amende, mais surtout 5% du chiffre d’affaires annuel. Et lorsqu’on est la multinationale la plus rentable de l’histoire, ce montant atteint donc plusieurs milliards de dollars.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Lawsuits

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Le compteur des plaintes continue de tourner pour Apple, et il n’a sans doute pas fini de le faire. Aux Etats-Unis et à Israël, le fabricant totalisait déjà huit plaintes, la plupart sous le statut de class-action. Si ces procédures étaient jugées recevables, la firme pourrait écoper de plusieurs millions de dollars de sanctions.

En France, les peines encourues sont généralement moindres. Une condamnation serait cependant préjudiciable à l’image du géant mondial, surtout s’il était reconnu coupable de délit d’obsolescence programmée. C’est sur ce fondement que l’association HOP (Halte à l’Obsolescence Programmée), déjà auteure de plaintes similaires contre les fabricants d'imprimantes, attaque Apple.

Réduire délibérément la durée de vie pour vendre plus
Comme elle le rappelle dans un communiqué, depuis la loi de transition énergétique de 2015, la pratique de l’obsolescence programmée est un délit en France. Or, HOP estime qu’en altérant les performances des iPhone 6, 6S, SE et 7 au travers d’une mise à jour d’iOS, Apple s’est rendu coupable de ce délit.

Le ralentissement du processeur de ces iPhone, officiellement au motif d’en préserver la batterie, relève selon le plaignant de ce délit, défini comme « le recours à des techniques par lesquelles le responsable de la mise sur le marché d’un produit vise à en réduire délibérément la durée de vie pour en augmenter le taux de remplacement. »

L’association considère que la mise à jour par Apple « a lieu au moment même de la sortie de l’iPhone 8. Le ralentissement des appareils plus anciens semble avoir pour intention délibérée de pousser les clients d’Apple à l’achat du nouveau modèle. »

En cas de condamnation, la peine peut aller jusqu’à deux ans de prison et 300.000 euros d’amende, mais surtout 5% du chiffre d’affaires annuel. Et lorsqu’on est la multinationale la plus rentable de l’histoire, ce montant atteint donc plusieurs milliards de dollars.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Lawsuits

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

First Lawsuits Filed Against Apple for Slowing iPhones | Do customers now realizing about their #Naivety!?

First Lawsuits Filed Against Apple for Slowing iPhones | Do customers now realizing about their #Naivety!? | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Over the years, iPhone owners have often wondered aloud if Apple was doing something to slow down older devices. Now, we know that yes, it does do that. Just a few days after admitting that it has been quietly throttling older iPhones with degraded batteries, a pair of lawsuits have been filed against Apple alleging fraud and deceptive practices.

It became clear during the last few iOS version updates that Apple had opted to apply performance throttling to older devices. It wasn’t until Geekbench ran comparisons with various iOS versions that iPhone owners had any proof. Apple was forced to issue a statement in which is admitted to slowing down iPhones. In some ways, its position makes sense, but the way it handled the situation is terrible.

The situation has to do with how lithium-ion batteries age. We’re all familiar with batteries losing capacity as they get old, but they also have less voltage. It turns out Apple didn’t include enough headroom for the battery, and its voltage can fall below what is needed to power the custom A-series system-on-a-chip. Without enough voltage, the phone can just shut down without warning. Apple’s solution to this was to add performance throttling to iOS based on battery voltage. So, if your battery is degrading, your phone gets slow.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Over the years, iPhone owners have often wondered aloud if Apple was doing something to slow down older devices. Now, we know that yes, it does do that. Just a few days after admitting that it has been quietly throttling older iPhones with degraded batteries, a pair of lawsuits have been filed against Apple alleging fraud and deceptive practices.

It became clear during the last few iOS version updates that Apple had opted to apply performance throttling to older devices. It wasn’t until Geekbench ran comparisons with various iOS versions that iPhone owners had any proof. Apple was forced to issue a statement in which is admitted to slowing down iPhones. In some ways, its position makes sense, but the way it handled the situation is terrible.

The situation has to do with how lithium-ion batteries age. We’re all familiar with batteries losing capacity as they get old, but they also have less voltage. It turns out Apple didn’t include enough headroom for the battery, and its voltage can fall below what is needed to power the custom A-series system-on-a-chip. Without enough voltage, the phone can just shut down without warning. Apple’s solution to this was to add performance throttling to iOS based on battery voltage. So, if your battery is degrading, your phone gets slow.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

iMac Pro mit ARM-Chip: Wiederherstellung erfordert zweiten Mac | #Apple 

iMac Pro mit ARM-Chip: Wiederherstellung erfordert zweiten Mac | #Apple  | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Sollte bei einem System-Update etwas schiefgehen, muss man Apples teuren All-in-One-Mac umständlich neu aufsetzen – und braucht dafür einen zweiten Mac sowie ein passendes Kabel. Grund ist wohl der neue T2-Chip.

Eine Wiederherstellung des iMac Pro ist – im Unterschied zu allen anderen Macs – nicht ohne weiteres möglich: Um den neuen All-in-One-Mac bei schweren Problemen neu aufzusetzen, bedarf es eines zweiten Macs, wie Apple in einem Support-Dokument erklärt. Die Prozedur sei notwendig, wenn der iMac Pro unter “bestimmten Umständen” nicht mehr reagiert, etwa in Folge eines Stromausfalls während der Aktualisierung des Betriebssystems, erklärt der Hersteller.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's insight:
Sollte bei einem System-Update etwas schiefgehen, muss man Apples teuren All-in-One-Mac umständlich neu aufsetzen – und braucht dafür einen zweiten Mac sowie ein passendes Kabel. Grund ist wohl der neue T2-Chip.

Eine Wiederherstellung des iMac Pro ist – im Unterschied zu allen anderen Macs – nicht ohne weiteres möglich: Um den neuen All-in-One-Mac bei schweren Problemen neu aufzusetzen, bedarf es eines zweiten Macs, wie Apple in einem Support-Dokument erklärt. Die Prozedur sei notwendig, wenn der iMac Pro unter “bestimmten Umständen” nicht mehr reagiert, etwa in Folge eines Stromausfalls während der Aktualisierung des Betriebssystems, erklärt der Hersteller.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Ärger mit Face ID: Freundin kann iPhone X mit ihrem Gesicht entsperren | #Apple #NobodyIsPerfect

Ärger mit Face ID: Freundin kann iPhone X mit ihrem Gesicht entsperren | #Apple #NobodyIsPerfect | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
Wie ein chinesischer TV-Sender berichtet, gab eine Chinesin ihr iPhone X zurück, nachdem ihre Kollegin es problemlos entsperren konnte.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Face-ID

 

 

Gust MEES's insight:
Wie ein chinesischer TV-Sender berichtet, gab eine Chinesin ihr iPhone X zurück, nachdem ihre Kollegin es problemlos entsperren konnte.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Face-ID

 

more...
No comment yet.