Security

Apple comments on XARA exploits, and what you need to know

XARA—an acronym for unauthorized cross-app resource access on Mac OS X and iOS—describe a series of exploits that you need to know about. Update: Apple has provided iMore with a comment.

More →

32
126
371
0

XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks

Does the Indiana University XARA whitepaper make your head hurt? Here's an in-depth look at what "cross-app resource attacks" actually mean for your iOS and OS X systems.

More →

24
104
223
0

1Password and the XARA WebSocket exploit

The makers of 1Password have gone into detail about how the unauthorized cross-resource attack (XARA), specifically the WebSockets exploit, affects their app

More →

2
10
57
0

Understanding Apple and privacy

A lot of people are getting a lot of things wrong about Apple's stance on privacy and security, and what it means for the future.

Last week Apple's CEO, Tim Cook, once again reiterated the company's belief that people have a right to privacy and security, and that the cost of free-as-in-paid-for-by-your-data services isn't always clearly understood. Those for who believe the conversation about privacy and security is the most important of our generation appreciated someone as powerful and influential as Cook giving it the spotlight it deserves. Those who believe the advancement of technology requires the relinquishing of previously held beliefs about privacy and security, however, reacted harshly. The problem is, many of them also reacted in a way that's just plain wrong.

More →

169
58
179
0

UEFI attack and the Mac: What you need to know

For owners of mid-2014 or earlier Macs, a new attack against a vulnerability in the UEFI boot script table is worth knowing about but won't affect most customers.

UEFI - Unified Extensible Firmware Interface — is what the Mac uses to boot from firmware and into the OS X operating system. If you're familiar with BIOS, then this replaced that. At the Chaos Communication Congress (CCC) in 2014, a presentation showed how a vulnerability in the boot script table could be used to rewrite the firmware when a Mac wakes after being in sleep mode. As usual, it's something to be informed about, but for the vast majority of people, nothing to panic about.

More →

16
18
78
0

How to fix iOS 8 Unicode Messages crash bug

Here's what you need to know about preventing and recovering from the iOS 8 Unicode crash bug.

While Apple is working on a fix for the bug that causes Messages and notifications to crash iOS 8, there are several things you can do right now to help prevent your iPhone, iPad, or Apple Watch from being affected, and to try to recover if you've already been affected.

More →

49
294
138
0

Apple comments on iOS 8 unicode crash bug, fix in the works

A bug in how iOS 8 renders Unicode is causing Messages to crash or reboot when a specific string is received.

Update: An Apple spokesperson told iMore:

We are aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update.

The bug occurs when your iPhone, iPad, or Apple Watch (which runs a variant of iOS 8) receives a message containing the specific string of Unicode characters. Because the specific string can't be rendered, the app crashes or the system restarts.

More →

61
151
129
0

Apple Watch, Apple Pay, and wrist detection: What you need to know

Once you've unlocked your Apple Watch, wrist detection can keep it unlocked for as long as the screen is on or it maintains skin contact.

As security systems go, wrist detection is clever: It lets you have the convenience of accessing your Apple Watch without having to continually re-enter your passcode or password, but provides enough security to protect your data, including Apple Pay credentials under normal circumstances. In that way it's similar to Touch ID, which can unlock your iPhone or iPad based on your fingerprint.

More →

12
8
61
0

Regarding Apple Watch and Activation Lock

Unlike the iPhone, the Apple Watch doesn't yet feature Activation Lock.

A theft deterrent system that requires your iCloud password to be disabled, Apple added Activation Lock to iOS in 2013 The Apple Watch, which runs a variant of iOS called Watch OS, doesn't yet secure the device beyond the default passcode/password intercept on the clock face. This was first noticed by @enMTW immediately following the Watch launch in April, but gained wider attention today following a story on iDownloadblog. So, what does it all mean?

More →

22
16
87
0

Apple's FaceTime is end-to-end encrypted. Google Hangouts... isn't

Lack of end-to-end-encryption means that conversations on Hangouts, if subject to a legal order, can be wiretapped or otherwise surveilled.

Google hadn't disclosed this information until a recent Reddit AMA (ask me anything) and a Vice follow-up that resulted. It's not clear whether Google has been asked to provide access to Hangouts, but the potential is there.

More →

12
88
141
0

Pages