Major iOS security flaw ‘Masque Attack’ reportedly uncovered, found to ‘pose much bigger threat’ than WireLurker

Masque Attack

Last week, it was reported that Mac and iOS users in China were the target of new malware called WireLurker that resulted in Apple confirming the security issue and blocking the affected malware apps. Just days later, mobile security research firm FireEye reports it has uncovered a major iOS security flaw that it claims poses a much bigger threat to Apple users than WireLurker. Read more

Apple blocks all outdated versions of Adobe Flash in Safari due to vulnerabilities

adobe-flash

Due to a security flaw discovered in its Flash Player software, Adobe released an update to the web plugin earlier this week. Today Apple confirmed that it had updated its plugin blacklist for OS X to stop the system from using a version of Flash Player older than 14.0.0.145 (or 13.0.0.231 on older systems).

According to Apple’s product security team:

Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 14.0.0.145 and 13.0.0.231.

Read more

Researcher claims iOS 7 (including current 7.1.1) does not encrypt email attachments, Apple aware of issue

Screen Shot 2014-05-05 at 6.29.21 AM

Security researcher Andreas Kurtz has discovered that versions of iOS 7, including iOS 7.1.1 (the current release), iOS 7.1, and iOS 7.0.4 do not encrypt email attachments in the bundled Mail application. This is an issue itself, but more worrisome as iOS, according to Apple, is supposed to encrypt email attachments. Here’s a page from Apple’s website indicating that:

Read more

Apple patches another major security hole in its website that allowed access to all developer personal information

Screen Shot 2014-04-28 at 3.13.55 PM

Imagine our surprise when an email from a complete stranger showed up in our tips box containing the personal contact information—including cell phone numbers—of several 9to5Mac staffers, as well as a few high ranking Apple executives.

Last night Apple pulled the Developer Center offline for maintenance, but as is usually the case, no noticeable changes were visible when it came back up. As it turns out, the company was patching a very serious security breach that was discovered over the weekend, allowing anyone to access the personal contact information for every registered iOS, Mac, or Safari developer; every Apple Retail and corporate employee; and some key partners.

The issue was discovered by developer Jesse Järvi and brought to our attention on Saturday. A video of the exploit is below.  We ensured that the problem was reported to Apple and ran it up the ladder. Due to the critical nature of the problem, we would never reveal this type of flaw to the public until it had been dealt with and we had contacted Apple . As of last night, the hole has been patched. Keep reading for the full details of how the breach was executed and exactly what information was at risk.

Read more

MacBook Pro with Retina display: Problems in every dimension

MacBook-Problems-In-Every-Dimension

When Apple unveiled its first Retina MacBook Pro with the 15.4-inch model in June, it came with an all-new, slimmed down design, all-flash architecture, and its flagship Retina display with over 5 million pixels. Apple has built its reputation on quality, craftsmanship, and customer/user experience, but that hasn’t been the case with its latest lineup of MacBooks. What many consumers don’t know is that buying a new Retina MacBook means taking your chances with possibly receiving a unit that is subject to display defects, battery, graphics, and fan-related issues among other major stability problems. These widespread issues have received limited coverage in the press and many consumers claim Apple is failing to sufficiently address the problems by not informing consumers and employees.

Leading the reports of problems is one that causes burn-in or ghosting on the device’s display. The result is a support thread with over 364,769 views and, most recently, a class-action lawsuit in California that alleged Apple is failing to inform consumers of the issue. Users experiencing the problem eventually realized the source of the issue was with LG, one of Apple’s display suppliers for the new Retina MacBooks. Unfortunately, models with Samsung displays aren’t totally free from a myriad of other significant issues.

Apple described the image-retention problems on this user’s display as normal after two visits. The display was eventually replaced with a Samsung but continues to experience other display related problems. 

Problems at the Apple Store

Finally, after 4 LG screened rMBPs I give up!

The problems are severe enough that it’s affecting the buying experience for consumers, driving customers to opt for other devices, and forced me personally to stop recommending the machine. Not only is Apple not addressing the issues publicly, Apple retail employees and 9to5Mac readers confirmed Apple is failing to properly inform retail and repair staff of the problems… Read more