security vulnerability | iMore

Give me some space!

Turn your Nintendo Switch into the ultimate console with a microSD card!

A closer look

Everything you need to know about the AT&T Unlimited plan

Users Guide

The third public beta for iOS 10.3 is here! This is how you get it

User Guide

Apple releases third public beta of macOS Sierra 10.12.4

iMore Offers

Get a lifetime of unlimited mobile backup from iDrive for $19.99

Beta time!

Apple releases third developer beta of iOS 10.3

Everything you need to know!

iPhone 8 will reportedly feature 3D-sensing FaceTime camera

Developers only!

tvOS 10.2 beta 3 now ready for developers

Developers only!

Apple releases third beta of watchOS 3.2 to developers

What you need to know

Four new iPad Pro models could be coming in March

Enter now!

We're giving away the new full-grain leather slim wallets from Pad & Quill

From 'OW' to 'WOW'

Hi, I'm an iPad Pro! โ€” 'We hear you' brings classic feel to new ads

Touch ID for all!

Why Touch ID makes the MacBook Pro the best Mac ever

๐Ÿฃ + ๐Ÿ + ๐Ÿ’Ž = ๐Ÿ‰

Pokรฉmon Go Gen 2 Guide โ€” New info!

Click. Swoon.

Billboard's cover: Shot on iPhone 7 Plus Portrait Mode

bye bye birdie

How to delete your Twitter account ๐Ÿšซ๐Ÿฅ

SWITCH IT UP

Nintendo Switch FAQ: Everything you need to know!

iOS Gaming Weekly

Here are the best new iPhone games out and on sale now!

Mastering AirPods

How to use your AirPods when you're offline

ALL EYES ON HOME

Why you might (and might not) want an indoor security camera in your home

< >

Order: BeatsX | AirPods | MacBook Pro | Order iPhone 7: Apple | Verizon | T-Mobile

security vulnerability

XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks

Does the Indiana University XARA whitepaper make your head hurt? Here's an in-depth look at what "cross-app resource attacks" actually mean for your iOS and OS X systems.

More →


Understanding Apple's SSL/TLS Bug

Yesterday Apple released updates for iOS 6, iOS 7, and Apple TV to squash a security bug that affected SSL/TLS connections. Often times, security patches can fix obscure bugs that could only occur under the strangest of circumstances, and they get rolled in to larger updates that address many other issues. However, this fix warranted its own updates, both for iOS 7 and for iOS 6. So what kind of bug calls for such a response? Fortunately for those of us curious enough to wonder, Adam Langley has the answer.

More →


What's really going on with the Starbucks mobile app information leak, and what you need to know

Earlier this week, security researcher Daniel Wood disclosed his findings on Starbucks' insecure handling of sensitive user information in their iPhone app. The sensitive information discovered includes usernames, passwords, emails, addresses, location data, and OAuth keys. While Wood's findings are valid, the interpretations of his findings have been inaccurate and exaggerated.

More →


Macs at Apple headquarters breached through Java exploit, fix to be issued today

Apple has said that it has been attacked by hackers. The same group previously targeted Facebook. Computers at Appleโ€™s Cupertino headquarters were attacked, the company said, but no data appears to have been stolen. Speaking to Reuters, Apple said that the intrusion was not widspread:

More →


Apple will fix in-app purchases vulnerability in iOS 6, provides workaround for now

In iOS 6, coming this fall, Apple will fix a security vulnerability in the App Store's in-app purchasing process that allows "man-in-the-middle" style attacks, steals from developers, and potentially exposes user account data to hackers. This according to a new, publicly-available support document posted to developer.apple.com on in-app purchase receipt validation on iOS. Apple's preamble states:

More →