security vulnerability | iMore

Order: BeatsX | AirPods | MacBook Pro | iPhone 7 | Shop: Insanely Cheap Wireless Plans

security vulnerability

XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks

Does the Indiana University XARA whitepaper make your head hurt? Here's an in-depth look at what "cross-app resource attacks" actually mean for your iOS and OS X systems.

More →

Understanding Apple's SSL/TLS Bug

Yesterday Apple released updates for iOS 6, iOS 7, and Apple TV to squash a security bug that affected SSL/TLS connections. Often times, security patches can fix obscure bugs that could only occur under the strangest of circumstances, and they get rolled in to larger updates that address many other issues. However, this fix warranted its own updates, both for iOS 7 and for iOS 6. So what kind of bug calls for such a response? Fortunately for those of us curious enough to wonder, Adam Langley has the answer.

More →

What's really going on with the Starbucks mobile app information leak, and what you need to know

Earlier this week, security researcher Daniel Wood disclosed his findings on Starbucks' insecure handling of sensitive user information in their iPhone app. The sensitive information discovered includes usernames, passwords, emails, addresses, location data, and OAuth keys. While Wood's findings are valid, the interpretations of his findings have been inaccurate and exaggerated.

More →

Macs at Apple headquarters breached through Java exploit, fix to be issued today

Apple has said that it has been attacked by hackers. The same group previously targeted Facebook. Computers at Apple’s Cupertino headquarters were attacked, the company said, but no data appears to have been stolen. Speaking to Reuters, Apple said that the intrusion was not widspread:

More →

Apple will fix in-app purchases vulnerability in iOS 6, provides workaround for now

In iOS 6, coming this fall, Apple will fix a security vulnerability in the App Store's in-app purchasing process that allows "man-in-the-middle" style attacks, steals from developers, and potentially exposes user account data to hackers. This according to a new, publicly-available support document posted to on in-app purchase receipt validation on iOS. Apple's preamble states:

More →