Google's Project Zero research program has disclosed and released proof-of-concept code for a series of 0day — previously unknown — vulnerabilities found in Apple's OS X operating system for the Mac. These exploits are all fixed in OS X Yosemite 10.10.2, now in beta.
There's a story going around that quotes NSA whistleblower Edward Snowden's lawyer as saying Snowden won't use an iPhone because it has "special software" that could gather information about him. Instead, the lawyer says, Snowden has a "simple phone". There's no first-hand account from Snowden and no details about what the "special software" might be — a web cookie? who knows! — but that hasn't stopped the quote from making its way across the sensationalism-over-security parts of the internet. So, what's really going on?
When Apple first introduced Touch ID in 2013, the company initially only allowed using it for unlocking your iPhone and confirming App Store purchases. Now, thanks to iOS 8, app developers can securely take advantage of Touch ID to protect and secure purchases, notes, passwords, and other kinds of app data. These are currently our picks for best iPhone apps and best iPad apps that take advantage of Touch ID in ways that make your life easier and more secure!
As a result of Apple implementing Activation Lock on its iOS software, iPhone theft cases are on the decline. The Federal Communications Commission published a report in December detailing that iPhone thefts are down by a significant margin in major cities, such as in San Francisco, CA and New York, NY in the U.S. and London in the U.K.
Members of the CurrentC pilot program are receiving a notice today that the service has been breached, with an unspecified number of user email addresses having been compromised. MCX says that no other information was taken. The group reminds users to avoid phishing scams, saying that they will never be contacted by CurrentC or MCX for their financial information over email.
T-Mobile is quietly upgrading the security of their older 2G network, moving to more advanced encryption that prevents eavesdropping. The new, more secure network has already been deployed in at least three locations: New York, Washington, and Boulder, Colorado. The T-Mobile 2G network has previously relied on older A5/1 encryption, with the new security standard known as A5/3.
Apple has issued a statement regarding the attacks on iCloud.com, originally reported yesterday. Apple says that they are aware of the attacks, and they outline steps that users can take to make sure they are secure when using the iCloud website. Apple says a little about the security measures for the website, and details what you should see when logging into iCloud on Safari, Chrome, and Firefox.
Earlier today, a thread surfaced on Reddit offering up 400 Dropbox usernames and passwords in plain text, with a note that over seven million accounts have been compromised in total. Dropbox has since announced on its blog that it wasn't hacked, and that the leaked passwords were stolen from a third-party service.
There's a new kind of spyware going around called Xsser that's reportedly targeting protestors in Hong Kong. The spyware — which appears to have ties to Android malware discovered last week — is installed via a Debian package and requires a victim's iPhone or iPad to be jailbroken. Breaking the root jail of iOS can provide for functionality beyond what Apple currently ships, but also strips away Apple's built-in iOS security. The same way jailbroken software can be loaded, malicious software can be loaded. (Same goes with bypassing Android's default security settings, as well as when you open up a phone to root access.) So what's going on with Xsser and how can you protect yourself?