Apple Supplements macOS Security Update to Address Wide-Reaching Flaw

Only a few weeks after the recent release of macOS High Sierra 10.13.4, Apple has amended the update by publishing an additional fix under this version number. Addressing a new flaw described as “serious” by the security community, the supplemental version of 10.13.4 addresses a problem in Intel CPUs discovered near the end of April that affects a broad number of devices, including Windows and Linux machines. However, unlike the Spectre and Meltdown flaws that caused much concern due to their so-called “unpatchable” nature, there is a way to …

Latest Round of Apple Security Updates Includes iOS 11.3

After more than a month since the last big “patch day” for Apple products, the Cupertino company has now released to the public a new slew of updates that bring with them both new features and enhanced security. Covering everything from a new and essential update to iOS to important bug fixes in macOS, watchOS, and even Apple’s Xcode, these patches slam shut several open doors hackers might use to wreak havoc. Overall, these patches contain more than 90 fixes. Here’s a quick breakdown of what you can expect when …

Police Can Now Access iPhone Data Using a Secretive Piece of Hardware

For several years now, a fierce debate has raged over how much access law enforcement organizations (LEOs) should be able to have to the mobile devices of those suspected of a crime. The issue made nationwide headlines after the San Bernardino attacks in 2015, when the FBI grappled with how to break into an iPhone used by one of the perpetrators. While the FBI did eventually retrieve device data by utilizing an unknown group to gain access to the phone’s encrypted contents, law enforcement agencies, in general, have maintained that they must have a “backdoor” to access info secured by your iPhone passcode. Apple has steadfastly refused to give in to such demands, but it appears that for now, those refusals don’t matter: LEOs can now use a pricey piece of hardware called GrayKey.

Some Apps on the Mac App Store Are Mining Cryptocurrency

The wave of cryptocurrency miners taking the place of common malware continues in 2018 unabated, and it appears every week we encounter another story about a website running surreptitious miners or a company looking for ways to use your CPU resources. As Mac users, we should be safe from those when we’re downloading validly signed apps from the Mac App Store, right? As it turns out, no — not all the time, unfortunately. In fact, it appears that Apple let an app with a Monero miner slip right through …

Apple Patches Yet Another Phone-Crashing Text Bug

We’ve recently seen a series of bugs on iOS and macOS devices that all follow a similar pattern: maliciously-formed links or simple emojis and text strings that cause the device to lock up and crash, sometimes repeatedly. A number of these issues have been fixed over the lifespan of the iPhone, but the past few months has seen a spike in the number of issues in this class requiring patches from Apple to fix. One of the most notable bugs from last year was a bug in the Messages app …

iPhone Source Code Leak Could Open the Floodgates for Hackers

A key piece of Apple’s iPhone source code may be out in the wild.

On February 7, someone posted something called “iBoot” on GitHub. GitHub is a popular site for sharing computer code. This time, though, it appears the code in question was not the user’s to share. Instead, “iBoot” is said to be the source code for a crucial iPhone boot process. The leak has the potential to jeopardize the security of the iPhone going forward.

According to a report on the leak from Motherboard, iBoot is the …

Apple Pushes Range of Updates for Quality of Life and Security

Alongside Apple’s recent updates to macOS Sierra and OS X El Capitan to address the Spectre and Meltdown vulnerabilities, the final week of January also saw the release of a variety of other incremental updates for most of Apple’s products. Typically, Apple does not disclose detailed descriptions of the security vulnerabilities they fix in these updates, preferring to speak in vague terms to avoid exposing attack vectors that are still open on un-patched systems. However, we do know a little about what went into some of these updates besides …

The Checklist 74: Overall iOS Security Features

Your iPhone is secure, right? That’s the general impression, anyway — and it’s certainly an impression Apple has worked hard to maintain over the years. It’s easy enough to call it secure, but what is in place to keep you safe? What does Apple do to protect its users day after day, and do we ever need to go beyond the “out of box” security experience? On today’s edition of The Checklist, we’re talking about the overall security features you’ll find in iOS, whether you’re an iPhone or an iPad user

Checklist 73: Meltdown, Spectre and You!

On today’s edition of The Checklist, we’re tackling the complex topics of Spectre and Meltdown, arguably two of the biggest and most far-reaching security vulnerabilities we’ve ever seen. Among those impacted are everyone from iOS and macOS users to Windows machines and just about anything powered by an Intel processor around the world!

Checklist 72: 2017 Security Review Part Two

Last week, we brought you Part One of our 2017 Security Year in Review. This week, we’ll wrap that up with Part Two! If you didn’t get a chance to check out Part One yet, the episode and its accompanying show notes are available right here in our archives. In it, you’ll find out about the highlights of the past year in both iOS and macOS security, including all the information you need to know about what the bad guys were up to in 2017. This week, we’re pulling back …

Checklist 71: 2017 Security Review Part One

For this, Episode 71 of The Checklist, we sat down during the first week of January 2018 to put a magnifying glass over the year that just ended. For part one of our discussion, we’re taking an in-depth look at the biggest security issues that affected macOS and iOS in 2017. With so many things going on — and there were quite a lot — it can be tough to remember all the details. To start our recap, we’ll go all the way back to this time one year ago: the beginning of January.

Apple Confirms Fixes for Major CPU Vulnerability, More on the Way

Apple has confirmed that a pair of critical security vulnerabilities uncovered by security researchers late in 2017, and now filtering out into media reports, does affect “all Mac systems and iOS devices.” These bugs, dubbed Meltdown and Spectre, affect the clear majority of computers and a vast number of mobile devices, regardless of make, model, or manufacturer. Though tricky to exploit, these bugs could allow an attacker untraceable access to a wide variety of user data.

By exploiting a weakness in an advanced function within the processor, Meltdown allows …