More Featured Articles

iPhone vs. Android and hardware encryption

iPhone vs. Android and hardware encryption

iPhones have supported hardware encryption for over 5 years. Android phones... well, it's complicated. When Google announced Android Lollipop, one of the most important features for customers in the post-Edward Snowden era was hardware encryption enabled by default. Put simply, on first-boot...
How to enable two-step verification for your Apple ID

How to set up two-factor authentication for iCloud

Most people use their Apple ID account not only for iCloud data, but to purchase content from iTunes and the App Store. That means that anyone who gets ahold of your account or manages to change your password could have access to your personal information and credit card information. If you want...
Messages

Apple comments on iOS 8 unicode crash bug, fix in the works

A bug in how iOS 8 renders Unicode is causing Messages to crash or reboot when a specific string is received. Update: An Apple spokesperson told iMore: We are aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update...
Security RSS Feed
Apple comments on XARA exploits, and what you need to know

Apple comments on XARA exploits, and what you need to know

'XARA' is an acronym for 'unauthorized cross-app resource access' and lumps together several exploits against OS X and iOS. Update: Apple has provided iMore with the following comment on the XARA exploits: Earlier this week we implemented a server-side app security update that secures app...
XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks

XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks

Does the Indiana University XARA whitepaper make your head hurt? Here's an in-depth look at what "cross-app resource attacks" actually mean for your iOS and OS X systems. This week, security researchers from Indiana University released details of four security vulnerabilities they discovered in...
1Password and the XARA WebSocket exploit

1Password and the XARA WebSocket exploit

The makers of 1Password have gone into detail about how the unauthorized cross-resource attack affects their app. It's a compelling read for anyone interested in the recently disclosed XARA grouping of exploits. Specifically, AgileBits explains how this XARA exploit can be used to sniff data from...
Understanding Apple and privacy

Understanding Apple and privacy

A lot of people are getting a lot of things wrong about Apple's stance on privacy and security, and what it means for the future. Last week Apple's CEO, Tim Cook, once again reiterated the company's belief that people have a right to privacy and security, and that the cost of free-as-in-paid-for...
UEFI attack and the Mac: What you need to know

UEFI attack and the Mac: What you need to know

For owners of mid-2014 or earlier Macs, a new attack against a vulnerability in the UEFI boot script table is worth knowing about but won't affect most customers. UEFI - Unified Extensible Firmware Interface — is what the Mac uses to boot from firmware and into the OS X operating system. If you'...
How to fix iOS 8 Unicode Messages crash bug

How to fix iOS 8 Unicode Messages crash bug

Here's what you need to know about preventing and recovering from the iOS 8 Unicode crash bug. While Apple is working on a fix for the bug that causes Messages and notifications to crash iOS 8, there are several things you can do right now to help prevent your iPhone, iPad, or Apple Watch from...
Messages

Apple comments on iOS 8 unicode crash bug, fix in the works

A bug in how iOS 8 renders Unicode is causing Messages to crash or reboot when a specific string is received. Update: An Apple spokesperson told iMore: We are aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update...
Apple Watch, Apple Pay, and wrist detection: What you need to know

Apple Watch, Apple Pay, and wrist detection: What you need to know

Once you've unlocked your Apple Watch, wrist detection can keep it unlocked for as long as the screen is on or it maintains skin contact. As security systems go, wrist detection is clever: It lets you have the convenience of accessing your Apple Watch without having to continually re-enter your...
Regarding Apple Watch and Activation Lock

Regarding Apple Watch and Activation Lock

Unlike the iPhone, the Apple Watch doesn't yet feature Activation Lock. A theft deterrent system that requires your iCloud password to be disabled, Apple added Activation Lock to iOS in 2013 The Apple Watch, which runs a variant of iOS called Watch OS, doesn't yet secure the device beyond the...
Apple's FaceTime is end-to-end encrypted. Google Hangouts... isn't

Apple's FaceTime is end-to-end encrypted. Google Hangouts... isn't

Lack of end-to-end-encryption means that conversations on Hangouts, if subject to a legal order, can be wiretapped or otherwise surveilled. Google hadn't disclosed this information until a recent Reddit AMA (ask me anything) and a Vice follow-up that resulted. It's not clear whether Google has...

Pages